Shenao Wang

Shenao Wang

What's Past Is Prologue ✨


😀 About Me

Hi, there! I’m a master student at Huazhong University of Science and Technology (HUST), supervised by Prof. Haoyu Wang, working with folks at Security PRIDE Research Group (Security, Privacy, and Dependability in Emerging Software Systems). Previously, I received my B.Eng. degree at Xidian University, under supervision of Prof. Hui Li in June 2023.

I am interested in the intersection of security, program analysis, and AI systems. Specifically, I focus on developing impactful, real-world solutions for detecting and defending against vulnerabilities in a wide range of systems, including Open-Source Software Supply Chains, Cross-Platform Endpoints, and LLM Infrastructures.

  • OSS Security: NPM/PyPI code poisoning (ASE’23, ASE’24)
  • Endpoint Security: ransomware (CCS’24), miniapp security (ASE’23) & privacy (TOSEM, SaTS’23)
  • LLM Infra Security: pre-trained model supply chain (TOSEM, ASE’24)

If you would like to reach me, please send an email to shenaowang AT hust.edu.cn

🎉 News

  • 🔝 02/2025: Excited to announce the 1st workshop on LLMSC, co-located with ISSTA’25! Join us in Trondheim, Norway!

  • 🔝 12/2024: We are actively maintaining the Awesome-LLM-Supply-Chain-Security. Welcome to star, fork, and contribute!

  • 12/2024: Our paper working on MiniApp privacy was accepted by TOSEM!

  • 11/2024: Two papers working on LLM Apps and Supply Chain were accepted by TOSEM 2030 SE Roadmap!

  • 11/2024: We won the third prize in Software Research Prototype System Competition of ChinaSoft 2024.

  • 08/2024: Two papers working on OSS/LLM supply chain security were accepted by ASE 2024 (Industry Showcase)!

  • 07/2024: Our paper on ransomware detection in industrial environments was accepted by CCS 2024. See you in Salt Lake City!

  • 12/2023: We won the third prize in Software Research Prototype System Competition of ChinaSoft 2023.

  • 08/2023: Our paper on malicious npm/pypi package detection was accepted by ASE 2023 (Industry Challenge Track).

  • 07/2023: Our paper on WeChat AppSecret Leaks was accepted by ASE 2023.

  • 06/2023: I received my B.Eng. degree at Xidian University. :)

  • 05/2023: I was invited to give a presentation at the first Cyber Security Innovation Forum in Wuhan.

  • 09/2022: I became a member of SECURITY PRIDE Research Group.

📝 Publications

(* Equal Contribution)

Preprint

  • [arXiv] SoK: Understanding Vulnerabilities in the Large Language Model Supply Chain
    Shenao Wang, Yanjie Zhao, Zhao Liu, Quanchen Zou, Haoyu Wang [Paper]

  • [arXiv] Understanding Large Language Model Supply Chain: Structure, Domain, and Vulnerabilities
    Yanzhe Hu*, Shenao Wang*, Tianyuan Nie, Yanjie Zhao, Haoyu Wang [Paper]

  • [arXiv] Toward Understanding Bugs in Vector Database Management Systems
    Yinlin Xie*, Xinyi Hou*, Yanjie Zhao, Shenao Wang, Kai Chen, Haoyu Wang [Paper]

  • [arXiv] Model Context Protocol (MCP): Landscape, Security Threats, and Future Research Directions
    Xinyi Hou, Yanjie Zhao, Shenao Wang, Haoyu Wang[Paper]

  • [arXiv] Large Language Models for Cyber Security: A Systematic Literature Review
    Hanxiang Xu, Shenao Wang, Ningke Li, Kailong Wang, Yanjie Zhao, Kai Chen, Ting Yu, Yang Liu, Haoyu Wang [Paper]

Conference

  • [CCS’24] CanCal: Towards Real-time and Lightweight Ransomware Detection and Response in Industrial Environments
    Shenao Wang*, Feng Dong*, Hangfeng Yang, Jingheng Xu, and Haoyu Wang.
    The 2024 ACM SIGSAC Conference on Computer and Communications Security (CCS’24) [Paper]

  • [ASE’24] Models Are Codes: Towards Measuring Malicious Code Poisoning Attacks on Pre-trained Model Hubs
    Jian Zhao*, Shenao Wang*, Yanjie Zhao, Xinyi Hou, Kailong Wang, Peiming Gao, Yuanchao Zhang, Chen Wei, Haoyu Wang
    The 39th IEEE/ACM International Conference on Automated Software Engineering (ASE’24), Industry Showcase [Paper] [Repo]

  • [Internetware’25] Seeing is (Not) Believing: The Mirage Card Attack Targeting Online Social Networks
    Wangchenlu Huang*, Shenao Wang*, Yanjie Zhao, Guosheng Xu, Haoyu Wang
    Proceedings of the 15th Asia-Pacific Symposium on Internetware [Paper]

  • [Internetware’25] Exploring Typo Squatting Threats in the Hugging Face Ecosystem
    Ningyuan Li, Yanjie Zhao, Shenao Wang, Zehao Wu, Haoyu Wang
    Proceedings of the 15th Asia-Pacific Symposium on Internetware [Paper]

  • [Internetware’25] GPT Store Mining and Analysis
    Dongxun Su, Yanjie Zhao, Xinyi Hou, Shenao Wang, Haoyu Wang
    Proceedings of the 15th Asia-Pacific Symposium on Internetware [Paper]

  • [ASE’24] Towards Robust Detection of Open Source Software Supply Chain Poisoning Attacks in Industry Environments
    Xinyi Zheng*, Chen Wei*, Shenao Wang, Yanjie Zhao, Peiming Gao, Yuanchao Zhang, Kailong Wang, Haoyu Wang
    The 39th IEEE/ACM International Conference on Automated Software Engineering (ASE’24), Industry Showcase [Paper] [Repo]

  • [ASE’24] GPTZoo: A Large-scale Dataset of GPTs for the Research Community
    Xinyi Hou, Yanjie Zhao, Shenao Wang, Haoyu Wang
    The 39th IEEE/ACM International Conference on Automated Software Engineering (ASE’24), NIER Track [Paper] [Repo]

  • [ASE’23] MalWuKong: Towards Fast, Accurate, and Multilingual Detection of Malicious Code Poisoning in OSS Supply Chains
    Ningke Li, Shenao Wang, Mingxi Feng, Kailong Wang, Meizhen Wang, Haoyu Wang.
    The 38th IEEE/ACM International Conference on Automated Software Engineering (ASE’23), Industry Challenge Track [Paper] [Repo]

  • [ASE’23] WeMinT: Tainting Sensitive Data Leaks in WeChat Mini-Programs
    Shi Meng, Liu Wang, Shenao Wang, Kailong Wang, Xusheng Xiao, Guangdong Bai, Haoyu Wang.
    The 38th IEEE/ACM International Conference on Automated Software Engineering (ASE’23) [Paper] [Repo]

Journal

  • [TOSEM] MiniScope: Automated UI Exploration and Privacy Inconsistency Detection of MiniApps via Two-phase Iterative Hybrid Analysis
    Shenao Wang, Yuekang Li, Kailong Wang, Yi Liu, Hui Li, Yang Liu, Haoyu Wang.
    ACM Transactions on Software Engineering and Methodology (TOSEM) [Paper] [Repo]
    Also accepted by FSE 2025 Journal First Track

  • [TOSEM] Large Language Model Supply Chain: A Research Agenda
    Shenao Wang, Yanjie Zhao, Xinyi Hou, Haoyu Wang.
    ACM Transactions on Software Engineering and Methodology (TOSEM), Special Issue: 2030 Software Engineering Roadmap [Paper] [Repo]

  • [TOSEM] LLM App Store Analysis: A Vision and Roadmap
    Yanjie Zhao, Xinyi Hou, Shenao Wang, Haoyu Wang.
    ACM Transactions on Software Engineering and Methodology (TOSEM), Special Issue: 2030 Software Engineering Roadmap [Paper]

Workshop

  • [SE 2030] Towards Reliable Vector Database Management Systems: A Software Testing Roadmap for 2030
    Shenao Wang, Yanjie Zhao, Yinglin Xie, Zhao Liu, Xinyi Hou, Quanchen Zou, Haoyu Wang [Paper]

  • [SaTS’23] On the Usage-scenario-based Data Minimization in Mini Programs
    Shenao Wang, Yanjie Zhao, Kailong Wang, Haoyu Wang.
    The 2023 ACM Workshop on Secure and Trustworthy Superapps (SaTS), co-located with CCS [Paper]

🔗 Service

Sub Reviewer

  • 2025: S&P, FSE, ISSTA, NSDI, AsiaCCS, PoPETs, IWQoS
  • 2024: CCS, FSE, ISSTA, WWW, IMC, Internetware, MSR, EASE, MobileSoft, SaTS, MobiLLM, LCTES

Publicity & Web Chair

  • LLMSC Workshop @ISSTA 2025

👾 Experience

Education

  • 09/2019 - 06/2023, B.Eng., Xidian University, Xi’an, China.
  • 09/2023 - until now, M.S., Huazhong University of Science and Technology, Wuhan, China.

Intern

  • 01/2024 - 02/2024, Research Intern, Ant Group (MYbank), Hangzhou, China.
  • 09/2024 - until now, Research Intern, Jinyinhu Lab, Wuhan, China.

🏆 Honors & Awards

Awards

  • 2024 - Third Prize, Prototype Competition in ChinaSoft’24 [Reference]
  • 2023 - Bronze Award, National Innovation Competition [Reference]
  • 2023 - Third Prize, Prototype Competition in ChinaSoft’23 [Reference]
  • 2022 - First Prize, National Digital Forensics Competition (19/764) [Reference]
  • 2022 - First Prize & Most Valuable Award, National College Student Information Security Contest (2/728) [Reference]
  • 2022 - Meritorious Winner, MCM/ICM (Problem A) [Reference]
  • 2021 - First Prize, National Cryptographic Competition (16/121) [Reference]
  • 2021 - First Prize, CUMCM in Shannxi Province [Reference]

Honors

  • 2024 - National Scholarship, Ministry of Education of P.R. China [Reference]
  • 2024 - Merit Student, Huazhong University of Science and Technology [Reference]
  • 2023 - Outstanding Graduate of Shaanxi Province [Reference]
  • 2023 - Outstanding Bachelor Thesis, Xidian University [Reference]
  • 2022 - President Scholarship, Xidian University (5 undergraduates among 5300+) [Reference]
  • 2022 - National Scholarship, Ministry of Education of P.R. China (Top 1%) [Reference]
  • 2022 - Xiaomi Special Scholarship (5 undergraduates among 5300+)
  • 2021 - Excellent Student Cadre, Xidian University
  • 2021 - National Encouragement Scholarship, Ministry of Education of P.R. China
  • 2020 - Pacemaker to Merit Student, Xidian University
  • 2020 - Special Scholarship, Xidian University (Top 1%)

🌟 Grants

  • Multilingual Program Analysis
    Cybersecurity College Student Innovation Funding Program
    Funded by CSAC and AntGroup, 2024.7-2025.4

  • Permission Abuse Detection in Android/iOS Apps
    Cybersecurity College Student Innovation Funding Program (Excellent Project [6/240])
    Funded by CSAC and NIO, 2022.7-2023.11

© Copyright 2025 Shenao Wang. Last Updated: 4 Jan, 2025