I am a postdoctoral researcher in the Advanced Software Technologies (AST) lab at ETH Zurich, mentored by Prof. Zhendong Su. I received the Ph.D. degree from the Hong Kong University of Science and Technology (HKUST) in 2024, supervised by Prof. Shuai Wang, and the B.S. degree from Fudan University in 2020.
My research aims to comprehensively harden and secure modern AI systems. I pursue this goal primarily from the software and hardware perspectives.
E-mail: yuanyuan.yuan [at] inf.ethz.ch
Education & Experience
Postdoctoral Researcher. AST lab, ETH Zurich. Oct. 2024 - present.
Ph.D. in Computer Science and Engineering. HKUST. Sep. 2020 - Sep. 2024.
🎓 Thesis: Side Channel Analysis for AI Infrastructures
🏆 Best PhD Dissertation Award 2024 (one awardee per year), CSE, HKUST.
Visiting Researcher. AST lab, ETH Zurich. Sep. 2022 - Sep. 2023.
B.S. in Computer Science. Fudan University. Sep. 2016 - July 2020.
Selected Publications (full list)
$^\dagger$ indicates corresponding authors, i.e., works of junior students I mentored.
[IEEE S&P] CipherSteal: Stealing Input Data from TEE-Shielded Neural Networks with Ciphertext Side Channels.
Yuanyuan Yuan, Zhibo Liu, Sen Deng, Yanzuo Chen, Shuai Wang, Yinqian Zhang, and Zhendong Su.
In 46th IEEE Symposium on Security and Privacy, 2025.
[preprint]

[CCS] HyperTheft: Thieving Model Weights from TEE-Shielded Neural Networks via Ciphertext Side Channels.
Yuanyuan Yuan, Zhibo Liu, Sen Deng, Yanzuo Chen, Shuai Wang, Yinqian Zhang, and Zhendong Su.
In 31st ACM Conference on Computer and Communications Security, 2024.
[preprint]

[ISSTA] See the Forest, not Trees: Unveiling and Escaping the Pitfalls of Error-Triggering Inputs in Neural Network Testing.
Yuanyuan Yuan, Shuai Wang, and Zhendong Su.
In 33rd International Symposium on Software Testing and Analysis, 2024.
[preprint]

[TSE] Provably Valid and Diverse Mutations of Real-World Media Data for DNN Testing.
Yuanyuan Yuan, Qi Pang, and Shuai Wang.
In IEEE Transactions on Software Engineering, 2024.
[preprint]

[USENIX Security] Precise and Generalized Robustness Certification for Neural Networks.
Yuanyuan Yuan, Shuai Wang, and Zhendong Su.
In 32nd USENIX Security Symposium, 2023.
[extended version], [code]

[USENIX Security] CacheQL: Quantifying and Localizing Cache Side-Channel Vulnerabilities in Production Software.
Yuanyuan Yuan, Zhibo Liu, and Shuai Wang.
In 32nd USENIX Security Symposium, 2023.
[extended version], [findings], [code]

[ICSE] Revisiting Neuron Coverage for DNN Testing: A Layer-Wise and Distribution-Aware Criterion.
Yuanyuan Yuan, Qi Pang, and Shuai Wang.
In 45th IEEE/ACM International Conference on Software Engineering, 2023.
[extended version], [code]

[ASE] Unveiling Hidden DNN Defects with Decision-Based Metamorphic Testing.
Yuanyuan Yuan, Qi Pang, and Shuai Wang.
In 37th IEEE/ACM International Conference on Automated Software Engineering, 2022.
[extended version], [code]

[USENIX Security] Automated Side Channel Analysis of Media Software with Manifold Learning.
Yuanyuan Yuan, Qi Pang, and Shuai Wang.
In 31st USENIX Security Symposium, 2022.
🏅 Artifact Evaluation Badges: Available; Functional; Reproduced.
[extended version], [code]

[CVPR] Perception Matters: Detecting Perception Failures of VQA Models Using Metamorphic Testing.
Yuanyuan Yuan, Shuai Wang, Mingyue Jiang, and Tsong Yueh Chen.
In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, 2021.
[code]

[ICLR] Private Image Reconstruction from System Side Channels Using Generative Models.
Yuanyuan Yuan, Shuai Wang, and Junping Zhang.
In International Conference on Learning Representations, 2021.
[code]

[NDSS] BitShield: Defending Against Bit-Flip Attacks on DNN Executables.
Yanzuo Chen, Yuanyuan Yuan$^\dagger$, Zhibo Liu, Sihang Hu, Tianxiang Li, and Shuai Wang$^\dagger$.
In 32nd Network and Distributed System Security Symposium, 2025.
$^\dagger$ Corresponding authors.

[NDSS] Compiled Models, Built-In Exploits: Uncovering Pervasive Bit-Flip Attack Surfaces in DNN Executables.
Yanzuo Chen, Zhibo Liu, Yuanyuan Yuan$^\dagger$, Sihang Hu, Tianxiang Li, and Shuai Wang$^\dagger$.
In 32nd Network and Distributed System Security Symposium, 2025.
$^\dagger$ Corresponding authors.
[preprint]

[NDSS] OBSan: An Out-Of-Bound Sanitizer to Harden DNN Executables.
Yanzuo Chen, Yuanyuan Yuan$^\dagger$, and Shuai Wang$^\dagger$.
In 30th Network and Distributed System Security Symposium, 2023.
$^\dagger$ Corresponding authors.
[project page], [code]

[ICSE] CC: Causality-Aware Coverage Criterion for Deep Neural Networks.
Zhenlan Ji, Pingchuan Ma$^\dagger$, Yuanyuan Yuan$^\dagger$, and Shuai Wang.
In 45th IEEE/ACM International Conference on Software Engineering, 2023.
$^\dagger$ Corresponding authors.
[code]
Academic Services
Program Committee: DeepTest 2025, USENIX Security 2023 (Artifact Evaluation), OSDI 2022 and USENIX ATC 2022 (Artifact Evaluation), ISSTA 2022 (Artifact Evaluation).
External Reviewer: IEEE S&P 2024, USENIX Security 2024, ISSTA 2024, FSE 2024, USENIX Security 2023, ISSTA 2023, FSE 2023, ASE 2022, CCS 2022.
Teaching Experience
- Teaching Assistant: COMP3632: Principles of Cybersecurity. HKUST, Fall 2021.
- Teaching Assistant: COMP3632: Principles of Cybersecurity. HKUST, Spring 2021.
- Teaching Assistant: Introduction to Computer System. Fudan University, Fall 2018.
Last updated: 13 Nov. 2024