Qinsheng Hou (侯勤胜)

About me

I am a Ph.D. student at Shandong University, advised by Prof. Shanqing Guo. Currently, I also work with Prof. Haixin Duan and Dr. Lingyun Ying at QI-ANXIN Technology Research Institute. Also, I ever worked / interned at JD.com, and ISCAS. My research interests are primarily in Mobile Security, Software Supply Chain Security, and IoT Security.

Publications

1. [Euro S&P’22] Huikai Xu, Miao Yu, Yanhao Wang, Yue Liu, Qinsheng Hou, Zhenbang Ma, Haixin Duan, Jianwei Zhuge, and Baojun Liu. Trampoline Over the Air: Breaking in IoT Devices Through MQTT Brokers. The 7th IEEE European Symposium on Security and Privacy, Genoa, Italy. June 6-10, 2022.
2. [ICSE’22] Qinsheng Hou, Wenrui Diao, Yanhao Wang, Xiaofeng Liu, Song Liu, Lingyun Ying, Shanqing Guo, Yuanzhi Li, Meining Nie, and Haixin Duan. Large-scale Security Measurements on the Android Firmware Ecosystem. The 44th IEEE/ACM International Conference on Software Engineering, Pittsburgh, PA, USA. May 21-29, 2022. [Top] [CCF A] [PDF]
3. [USENIX Security’21] Libo Chen, Yanhao Wang, Quanpu Cai, Yunfan Zhan, Hong Hu, Jiaqi Linghu, Qinsheng Hou, Chao Zhang, Haixin Duan, and Zhi Xue. Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems. The 30th USENIX Security Symposium, Virtual. August 11-13, 2021. [Top] [CCF A] [PDF]
4. [ASIA CCS’20] Qinsheng Hou, Yao Cheng, and Lingyun Ying. NativeX: Native Executioner Freezes Android. The 15th ACM Asia Conference on Computer and Communications Security, Taipei, Taiwan, October 5-9, 2020. [CCF C] [PDF]

Invited Talks

• Android固件生态的大规模安全测量
  • Aug 2021: 3rd International Workshop on Cyber Security and Data Privacy
  • Aug 2021: 2021 北京网络安全大会
• 基于Native Code的Android系统Dos攻击分析
  • May 2021: Nankai University, Tianjin, China
  • Apr 2021: Southeast University, Nanjing, China
  • Dec 2020: Shandong University, Qingdao, China
• NativeX: Native Executioner Freezes Android
  • Apr 2020: Tsinghua University, Beijing, China

Awards

• 天府杯 2021 国际网络安全大赛
  • 原创漏洞复现赛: 摄像头 & 汽车破解项目
• GeekPwn 2020 新基建安全大赛
  • 优胜奖: 植保无人机劫持项目 (最高单项奖金)

Vulnerabilities and Acknowledgments

• CVE (5) : CVE-2021-22486, CVE-2021-26281, CVE-2021-26279, CVE-2021-21742, CVE-2021-3720
• CNVD (30) : CNVD-2021-50158, CNVD-2021-42966, CNVD-2021-42949, CNVD-2021-44383, CNVD-2021-44382, CNVD-2021-48937, CNVD-2021-50157, CNVD-2021-42965, CNVD-2021-42964, CNVD-2021-42963, CNVD-2021-46708, CNVD-2021-48955, CNVD-2021-40258, CNVD-2021-37375, CNVD-2021-41512, CNVD-2021-40261, CNVD-2021-40262, CNVD-2021-37377, CNVD-2021-44691, CNVD-2021-40254, CNVD-2021-40255, CNVD-2021-40721, CNVD-2021-40259, CNVD-2021-41513, CNVD-2021-40256, CNVD-2021-40257, CNVD-2021-67925, CNVD-2020-33098, CNVD-2020-38456, CNVD-2020-28792

Patents

• 侯勤胜, 应凌云, 聂眉宁.一种阻止基于原生代码攻击操作系统的方法及装置, 发明专利, 2021, 专利号: ZL201910489983.2

External Reviewer

• ESORICS 2020
• ISSRE 2022