😀 About Me
Hi, there! I’m a master’s student at Huazhong University of Science and Technology (HUST), supervised by Prof. Haoyu Wang, working with folks at Security PRIDE Research Group. Previously, I received my B.Eng. degree at Xidian University in June 2023, under the supervision of Prof. Hui Li.
I am interested in the intersection of security, program analysis, and AI systems. Specifically, I focus on developing impactful, real-world solutions for detecting and defending against vulnerabilities in a wide range of systems, including Open-Source Software Supply Chains, Cross-Platform Endpoints, and LLM Infrastructures.
- OSS Security: NPM/PyPI code poisoning (ASE’23, ASE’24)
- Endpoint Security: ransomware (CCS’24), miniapp security (ASE’23) & privacy (TOSEM, SaTS’23)
- LLM Infra Security: pre-trained model supply chain (TOSEM, ASE’24)
If you would like to reach me, please send an email to shenaowang AT hust.edu.cn
🎉 News
- 🔝 02/2025: Excited to announce the 1st workshop on LLMSC, co-located with ISSTA’25! Join us in Trondheim, Norway!
- 🔝 12/2024: We are actively maintaining the Awesome-LLM-Supply-Chain-Security. Welcome to star, fork, and contribute!
- 12/2024: Our paper working on MiniApp privacy was accepted by TOSEM!
- 11/2024: Two papers working on LLM Apps and Supply Chain were accepted by TOSEM 2030 SE Roadmap!
- 11/2024: We won the third prize in Software Research Prototype System Competition of ChinaSoft 2024.
- 08/2024: Two papers working on OSS/LLM supply chain security were accepted by ASE 2024 (Industry Showcase)!
- 07/2024: Our paper on ransomware detection in industrial environments was accepted by CCS 2024. See you in Salt Lake City!
- 12/2023: We won the third prize in Software Research Prototype System Competition of ChinaSoft 2023.
- 08/2023: Our paper on malicious npm/pypi package detection was accepted by ASE 2023 (Industry Challenge Track).
- 07/2023: Our paper on WeChat AppSecret Leaks was accepted by ASE 2023.
- 06/2023: I received my B.Eng. degree at Xidian University. :)
- 05/2023: I was invited to give a presentation at the first Cyber Security Innovation Forum in Wuhan.
- 09/2022: I became a member of SECURITY PRIDE Research Group.
📝 Publications
(* Equal Contribution)
Preprint
- [arXiv] SoK: Understanding Vulnerabilities in the Large Language Model Supply Chain
  Shenao Wang, Yanjie Zhao, Zhao Liu, Quanchen Zou, Haoyu Wang [Paper]
- [arXiv] Model Context Protocol (MCP): Landscape, Security Threats, and Future Research Directions
  Xinyi Hou, Yanjie Zhao, Shenao Wang, Haoyu Wang [Paper]
- [arXiv] Large Language Models for Cyber Security: A Systematic Literature Review
  Hanxiang Xu, Shenao Wang, Ningke Li, Kailong Wang, Yanjie Zhao, Kai Chen, Ting Yu, Yang Liu, Haoyu Wang [Paper]
- [arXiv] Seeing is (Not) Believing: Practical Phishing Attacks Targeting Social Media Sharing Cards
  Wangchenlu Huang, Shenao Wang, Yanjie Zhao, Guosheng Xu, Haoyu Wang [Paper]
Conference
- [CCS’24] CanCal: Towards Real-time and Lightweight Ransomware Detection and Response in Industrial Environments
  Shenao Wang*, Feng Dong*, Hangfeng Yang, Jingheng Xu, and Haoyu Wang.
  The 2024 ACM SIGSAC Conference on Computer and Communications Security (CCS’24) [Paper]
- [ASE’24] Models Are Codes: Towards Measuring Malicious Code Poisoning Attacks on Pre-trained Model Hubs
  Jian Zhao*, Shenao Wang*, Yanjie Zhao, Xinyi Hou, Kailong Wang, Peiming Gao, Yuanchao Zhang, Chen Wei, Haoyu Wang
  The 39th IEEE/ACM International Conference on Automated Software Engineering (ASE’24), Industry Showcase [Paper] [Repo]
- [Internetware’25] GPT Store Mining and Analysis
  Dongxun Su, Yanjie Zhao, Xinyi Hou, Shenao Wang, Haoyu Wang
  Proceedings of the 15th Asia-Pacific Symposium on Internetware [Paper]
- [ASE’24] Towards Robust Detection of Open Source Software Supply Chain Poisoning Attacks in Industry Environments
  Xinyi Zheng*, Chen Wei*, Shenao Wang, Yanjie Zhao, Peiming Gao, Yuanchao Zhang, Kailong Wang, Haoyu Wang
  The 39th IEEE/ACM International Conference on Automated Software Engineering (ASE’24), Industry Showcase [Paper] [Repo]
- [ASE’24] GPTZoo: A Large-scale Dataset of GPTs for the Research Community
  Xinyi Hou, Yanjie Zhao, Shenao Wang, Haoyu Wang
  The 39th IEEE/ACM International Conference on Automated Software Engineering (ASE’24), NIER Track [Paper] [Repo]
- [ASE’23] MalWuKong: Towards Fast, Accurate, and Multilingual Detection of Malicious Code Poisoning in OSS Supply Chains
  Ningke Li, Shenao Wang, Mingxi Feng, Kailong Wang, Meizhen Wang, Haoyu Wang.
  The 38th IEEE/ACM International Conference on Automated Software Engineering (ASE’23), Industry Challenge Track [Paper] [Repo]
- [ASE’23] WeMinT: Tainting Sensitive Data Leaks in WeChat Mini-Programs
  Shi Meng, Liu Wang, Shenao Wang, Kailong Wang, Xusheng Xiao, Guangdong Bai, Haoyu Wang.
  The 38th IEEE/ACM International Conference on Automated Software Engineering (ASE’23) [Paper] [Repo]
Journal
- [TOSEM] MiniScope: Automated UI Exploration and Privacy Inconsistency Detection of MiniApps via Two-phase Iterative Hybrid Analysis
  Shenao Wang, Yuekang Li, Kailong Wang, Yi Liu, Hui Li, Yang Liu, Haoyu Wang.
  ACM Transactions on Software Engineering and Methodology (TOSEM) [Paper] [Repo]
- [TOSEM] Large Language Model Supply Chain: A Research Agenda
  Shenao Wang, Yanjie Zhao, Xinyi Hou, Haoyu Wang.
  ACM Transactions on Software Engineering and Methodology (TOSEM), Special Issue: 2030 Software Engineering Roadmap [Paper] [Repo]
- [TOSEM] LLM App Store Analysis: A Vision and Roadmap
  Yanjie Zhao, Xinyi Hou, Shenao Wang, Haoyu Wang.
  ACM Transactions on Software Engineering and Methodology (TOSEM), Special Issue: 2030 Software Engineering Roadmap [Paper]
Workshop
- [SE 2030] Towards Reliable Vector Database Management Systems: A Software Testing Roadmap for 2030
  Shenao Wang, Yanjie Zhao, Yinglin Xie, Zhao Liu, Xinyi Hou, Quanchen Zou, Haoyu Wang [Paper]
- [SaTS’23] On the Usage-scenario-based Data Minimization in Mini Programs
  Shenao Wang, Yanjie Zhao, Kailong Wang, Haoyu Wang.
  The 2023 ACM Workshop on Secure and Trustworthy Superapps (SaTS), co-located with CCS [Paper]
🔗 Service
Sub Reviewer
- 2025: S&P, FSE, ISSTA, NSDI, AsiaCCS, IWQoS
- 2024: CCS, FSE, ISSTA, WWW, IMC, Internetware, MSR, EASE, MobileSoft, SaTS, MobiLLM, LCTES
Publicity & Web Chair
- LLMSC Workshop @ISSTA 2025
👾 Experience
Education
- 09/2019 - 06/2023, B.Eng., Xidian University, Xi’an, China.
- 09/2023 - until now, M.S., Huazhong University of Science and Technology, Wuhan, China.
Intern
- 01/2024 - 02/2024, Research Intern, Ant Group (MYbank), Hangzhou, China.
- 09/2024 - until now, Research Intern, Jinyinhu Lab, Wuhan, China.
🏆 Honors & Awards
Awards
- 2024 - Third Prize, Prototype Competition in ChinaSoft’24 [Reference]
- 2023 - Bronze Award, National Innovation Competition [Reference]
- 2023 - Third Prize, Prototype Competition in ChinaSoft’23 [Reference]
- 2022 - First Prize, National Digital Forensics Competition (19/764) [Reference]
- 2022 - First Prize & Most Valuable Award, National College Student Information Security Contest (2/728) [Reference]
- 2022 - Meritorious Winner, MCM/ICM (Problem A) [Reference]
- 2021 - First Prize, National Cryptographic Competition (16/121) [Reference]
- 2021 - First Prize, CUMCM in Shaanxi Province [Reference]
Honors
- 2024 - National Scholarship, Ministry of Education of P.R. China [Reference]
- 2024 - Merit Student, Huazhong University of Science and Technology [Reference]
- 2023 - Outstanding Graduate of Shaanxi Province [Reference]
- 2023 - Outstanding Bachelor Thesis, Xidian University [Reference]
- 2022 - President Scholarship, Xidian University (5 undergraduates among 5300+) [Reference]
- 2022 - National Scholarship, Ministry of Education of P.R. China (Top 1%) [Reference]
- 2022 - Xiaomi Special Scholarship (5 undergraduates among 5300+)
- 2021 - Excellent Student Cadre, Xidian University
- 2021 - National Encouragement Scholarship, Ministry of Education of P.R. China
- 2020 - Pacemaker to Merit Student, Xidian University
- 2020 - Special Scholarship, Xidian University (Top 1%)
🌟 Grants
- Multilingual Program Analysis
  Cybersecurity College Student Innovation Funding Program
  Funded by CSAC and AntGroup, 2024.7 until now
- Permission Abuse Detection in Android/iOS Apps
  Cybersecurity College Student Innovation Funding Program (Excellent Project [6/240])
  Funded by CSAC and NIO, 2022.7-2023.11
© Copyright 2025 Shenao Wang. Last Updated: 4 Jan, 2025