Chao Wang

Bio

Chao Wang is a second year Ph.D. student from the Department of Computer Science and Engineering of The Ohio State University. He is advised by Prof. Zhiqiang Lin in SecLab. He received his Bachelor of Science degree from University of Electronic Science and Technology of China in 2021.

He is a security researcher interested in mobile security and web security, in particular mobile Super/Mini App security and JavaScript program analysis. He is also a DevOps engineer focused on code development and server operations.

He is a CTF player and composer in web challenges. He participates in CTF events with StrawHat and enjoys reversing, exploring and hacking CTF challenges and real-world applications.

• The best way to reach him is through his email: wang.15147@osu.edu
• PGP key: chaowang.pub
• Office: 439 Baker Systems Engineering, The Ohio State University, Columbus, Ohio 43210

Research Interest

• Mobile Security: Mobile Super/Mini App Security ([ICSE '23], [CCS '23],[USENIX-SEC '23a])
• Web Security: JavaScript
• System Security: TEE (TrustZone)

Publications

• [ASIACCS '24] RootFree Attacks: Exploiting Mobile Platform’s Super Apps From Desktop. [bib] [pdf] [slides]

  Chao Wang, Yue Zhang, and Zhiqiang Lin

  To appear in The 19th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2024), 2024

• [USENIX-SEC '23a] One Size Does Not Fit All: Uncovering and Exploiting Cross Platform Discrepant APIs in WeChat. [bib] [code] [pdf] [slides]

  Chao Wang, Yue Zhang, and Zhiqiang Lin

  In 32nd USENIX Security Symposium (USENIX Security 23), 2023

• [USENIX-SEC '23b] A Peek into the Metaverse: Detecting 3D Model Clones in Mobile Games. [bib] [code] [pdf] [slides]

  Chaoshun Zuo, Chao Wang, and Zhiqiang Lin

  In 32nd USENIX Security Symposium (USENIX Security 23), 2023

• [CCS '23] Uncovering and Exploiting Hidden APIs in Mobile Super Apps. [bib] [pdf] [slides]

  Chao Wang, Yue Zhang, and Zhiqiang Lin

  In The ACM Conference on Computer and Communications Security (CCS), 2023

• [ICSE '23] TaintMini: Detecting Flow of Sensitive Data in Mini-Programs with Static Taint Analysis. [bib] [code] [pdf] [slides]

  Chao Wang, Ronny Ko, Yue Zhang, Yuqing Yang, and Zhiqiang Lin

  In The International Conference on Software Engineering (ICSE), 2023

  (acceptance rate: 26%)

• [NSS '21] Re-Check Your Certificates! Experiences and Lessons Learnt from Real-World HTTPS Certificate Deployments [bib] [pdf]

  Wenya Wang, Yakang Li, Chao Wang, Yuan Yan, Juanru Li, and Dawu Gu

  In Network and System Security: 15th International Conference (NSS), 2021

Academic Services

• SecureComm '22: External reviwer

Research Experiences

• Graduate Research Assistant August. 2021 - Present
• Research intern at Shanghai Jiaotong University April. 2020 - August. 2021
• Research intern at Inst. of Info. Eng., Chinese Academy of Sciences July. 2019 - August. 2019