I am a postdoctoral researcher in the Advanced Software Technologies (AST) lab at ETH Zurich, mentored by Prof. Zhendong Su. I obtained my Ph.D. in Computer Science and Engineering from The Hong Kong University of Science and Technology (HKUST) in 2024 under the supervision of Prof. Shuai Wang. Prior to that, I received my B.S. in Computer Science from Fudan University in 2020.

E-mail: yuanyuan.yuan [at] inf.ethz.ch

🌟 I am on the academic job market and would be delighted to connect! Please feel free to reach out if you’re interested.

Research Interests

My research focuses on the safety (i.e., addressing unintentional defects and ensuring reliable behaviors) and security (i.e., uncovering and mitigating intentional attacks and privacy breaches) of AI systems. My long-term goal is to strengthen AI systems’ safety and security across a range of conventional and emerging scenarios. Over the past several years, I have been pursuing this goal primarily from software and hardware perspectives.

From the software perspective, I employ software testing and verification, two fundamental and complementary techniques, to enhance the safety of AI systems. My research has redefined the entire testing framework for AI systems, including the testing input generation [TSE 24], testing objectives [ICSE 23a, ICSE 23b], testing oracles [ASE 22, CVPR 21], and the follow-up repairing [ISSTA 24]. It has also bridged different verification techniques to real-world applications of AI systems [USENIX Security 23b].

From the hardware perspective, I analyze hardware activities in AI systems to uncover new attack vectors. Specifically, my research has revealed different hardware side channels that compromise data privacy, such as input leakages to malicious users [USENIX Security 22, ICLR 21], and input and AI model leakages to untrusted hosts in TEE-protected AI systems [IEEE S&P 25, CCS 24]. It has also identified pervasive and stealthy hardware fault injections that manipulate AI systems’ outputs [NDSS 25a]. To defend against these attacks, I have proposed universal detection techniques for the leakages [USENIX Security 23a] and injections [NDSS 25b, NDSS 23].

Education & Experience

  • Postdoctoral Researcher. AST lab, ETH Zurich. Oct. 2024 - present.

  • Ph.D. in Computer Science and Engineering. HKUST. Sep. 2020 - Sep. 2024.
    🎓 Thesis: Side Channel Analysis for AI Infrastructures
    🏆 Best PhD Dissertation Award 2024 (one awardee per year), CSE, HKUST

  • Visiting Researcher. AST lab, ETH Zurich. Sep. 2022 - Sep. 2023.

  • B.S. in Computer Science. Fudan University. Sep. 2016 - July 2020.

Selected Publications (full list)

$^\dagger$ indicates corresponding authors, i.e., first-author works of junior students I mentored.

Awards

  • ๐Ÿ† Distinguished Paper Award, IEEE Symposium on Security and Privacy, 2025.

  • ๐Ÿ† Best PhD Dissertation Award (one awardee per year), Department of Computer Science and Engineering, HKUST, 2024.

Academic Services

  • Program Committee: ICSE 2026, LMPL 2025, DeepTest 2025, USENIX Security 2023 (Artifact Evaluation), OSDI 2022 and USENIX ATC 2022 (Artifact Evaluation), ISSTA 2022 (Artifact Evaluation).

  • Reviewer: IEEE Transactions on Software Engineering, IEEE Transactions on Dependable and Secure Computing.

Teaching Experience

  • Teaching Assistant: Automated Software Testing. ETH Zurich, Spring 2025.
  • Teaching Assistant: Research Topics in Software Engineering. ETH Zurich, Spring 2025.
  • Teaching Assistant: Compiler Design. ETH Zurich, Fall 2024.
  • Guest Lecturer: Automated Software Testing. ETH Zurich, Spring 2023.
  • Teaching Assistant: COMP3632: Principles of Cybersecurity. HKUST, Fall 2021.
  • Teaching Assistant: COMP3632: Principles of Cybersecurity. HKUST, Spring 2021.
  • Teaching Assistant: Introduction to Computer System. Fudan University, Fall 2018.

Last updated: 14 May 2025