😀 About Me

Hi, there! I’m a master student in the School of Cyber Science and Engineering at Huazhong University of Science and Technology (HUST), supervised by Prof. Haoyu Wang. I also have the privilege of working closely with Dr. Kailong Wang & Dr. Yanjie Zhao, from whom I have learned a great deal. Previously, I received my B.Eng. degree at Xidian University, under supervision of Prof. Hui Li in June 2023.

I am interested in improving the security of mobile systems and having an impact in the real world. My current research interests include Mobile Security (Especially Mini-Programs), OSS Security and LLM Security:

• Mobile Security: Super/Mini App Security
• OSS Security: Supply Chain Poisoning
• LLM Security: Jailbreak, LLM4Security

If you would like to reach me, please send an email to shenaowang@hust.edu.cn.

Here are my close friends’ homepages: Xinyi Hou, Yanjie Zhao, Liu Wang, Ningke Li.

🎉 News

• [08 May 2024] Our paper title “Large Language Models for Cyber Security: A Systematic Literature Review” is available on arXiv.

• [30 Apr 2024] Our paper titled “Large Language Model Supply Chain: A Research Agenda” is accepted by SE 2030.

• [30 Apr 2024] Our paper titled “LLM App Store Analysis: A Vision and Roadmap” is accepted by SE 2030.

• [09 Jan 2024] Our paper titled “MiniScope: Automated UI Exploration and Privacy Inconsistency Detection of MiniApps via Two-phase Iterative Hybrid Analysis” is available on arXiv.

• [03 Dec 2023] Our work on privacy analysis of mini-programs win the third prize in Prototype Competition of ChinaSoft 2023.

• [20 Aug 2023] Our work on privacy compliance of mini-programs win the highest prize in CISCN 2023 (with me serving as a co-advisor).

• [15 Aug 2023] Our paper on malicious npm/pypi package detection is accepted by ASE 2023 (Industry Challenge Track, full paper).

• [18 Jul 2023] Our paper on WeChat AppSecret Leaks is accepted by ASE 2023.

• [25 Jun 2023] I receive my B.Eng. degree at Xidian University. :)

• [16 May 2023] I give a presentation at the first Cyber Security Innovation Forum in Wuhan, with a topic of “Research on Permission Abuse in Android Apps”.

• [28 Sep 2022] I become a member of SECURITY PRIDE Research Group.

📝 Publications

(* Equal Contribution)

Preprint

• MiniScope: Automated UI Exploration and Privacy Inconsistency Detection of MiniApps via Two-phase Iterative Hybrid Analysis
  Shenao Wang, Yuekang Li, Kailong Wang, Yi Liu, Hui Li, Yang Liu, Haoyu Wang [Paper]

• Large Language Models for Cyber Security: A Systematic Literature Review
  Hanxiang Xu, Shenao Wang, Ningke Li, Kailong Wang, Yanjie Zhao, Kai Chen, Ting Yu, Yang Liu, Haoyu Wang [Paper]

Peer-Reviewed

• Large Language Model Supply Chain: A Research Agenda
  Shenao Wang, Yanjie Zhao, Xinyi Hou, Haoyu Wang.
  The International Workshop on Software Engineering in 2030 (SE 2030, co-located with FSE’24) [Paper]

• LLM App Store Analysis: A Vision and Roadmap
  Yanjie Zhao, Xinyi Hou, Shenao Wang, Haoyu Wang.
  The International Workshop on Software Engineering in 2030 (SE 2030, co-located with FSE’24) [Paper]

• On the Usage-scenario-based Data Minimization in Mini Programs
  Shenao Wang, Yanjie Zhao, Kailong Wang, Haoyu Wang.
  The 2023 ACM Workshop on Secure and Trustworthy Superapps (SaTS’23, co-located with CCS’23) [Paper]

• MalWuKong: Towards Fast, Accurate, and Multilingual Detection of Malicious Code Poisoning in OSS Supply Chains
  Ningke Li, Shenao Wang, Mingxi Feng, Kailong Wang, Meizhen Wang, Haoyu Wang.
  The 38th IEEE/ACM International Conference on Automated Software Engineering (ASE’23), Industry Challenge Track (full paper) [Paper]

• WeMinT: Tainting Sensitive Data Leaks in WeChat Mini-Programs
  Shi Meng, Liu Wang, Shenao Wang, Kailong Wang, Xusheng Xiao, Guangdong Bai, Haoyu Wang.
  The 38th IEEE/ACM International Conference on Automated Software Engineering (ASE’23) [Paper]

🎓 Educations

• 2019.09 - 2023.06, B.Eng., Xidian University, Xi’an, China.
• 2023.09 until now, M.S., Huazhong University of Science and Technology, Wuhan, China.

👾 Experiences

• 2024.01 until now, Research Intern, Ant Group (MYBank), Hangzhou, China.

🏆 Honors and Awards

• 2023 - Bronze Award of National College Student Innovation Competition（中国国际大学生创新大赛）[reference]
• 2023 - Third Prize of Prototype Competition in ChinaSoft’23 (软件研究成果原型系统竞赛) [reference]
• 2023 - Outstanding Graduate of Shaanxi Province [reference]
• 2023 - Outstanding Bachelor Thesis of Xidian University (Title: Research and Implementation of Permission Abuse Detection Method for Mobile Mini-programs) [reference]
• 2022 - President Scholarship of Xidian University (5 undergraduates among 5300+, the highest student honor in Xidian University) [reference]
• 2022 - National Scholarship (Top 1%) [reference]
• 2022 - Xiaomi Special Scholarship (5 undergraduates among 5300+)
• 2022 - First Prize of National Digital Forensics Competition (美亚杯中国电子数据取证大赛, 19/764) [reference]
• 2022 - First Prize/Most Innovative and Entrepreneurial Value Award (最具创新创业价值奖, 2/728) of National College Student Information Security Contest (全国大学生信息安全竞赛-作品赛, CISCN for short) [reference]
• 2022 - Meritorious Winner of MCM/ICM (Problem A) [reference]
• 2021 - First Prize of the National Cryptographic Competition (全国密码技术竞赛) [reference]
• 2021 - First Prize of CUMCM in Shannxi Province [reference]

🌟 Grants

• 2022.10-2023.10 Research on Detection Methods of Permission Abuse in Android/iOS Apps, Cyber Security Academy Student Innovation Funding (一流网络安全学院学生创新资助计划, 优秀项目[6/240]), Funded by CSAC and NIO