Shenao Wang

Shenao Wang

What's Past Is Prologue ✨

📝 Publications

(* Equal contribution)

2026
  1. [C18] Demystifying LLM Supply Chain Vulnerabilities in the Wild: Distribution, Root Cause, and Real-World Impact CCF-C
    Shenao Wang, Yanjie Zhao, Zhao Liu, Quanchen Zou, Haoyu Wang
    The 17th Asia-Pacific Symposium on Internetware (Internetware'26) PDF
  2. [C17] Unveiling Large Language Model Supply Chain: Structure, Domain, and Vulnerabilities CCF-C
    Yanzhe Hu*, Shenao Wang*, Yuhan Tang, Tianyuan Nie, Yanjie Zhao, Haoyu Wang
    The 17th Asia-Pacific Symposium on Internetware (Internetware'26) PDF
  3. [C16] Understanding Bugs in Vector Database Management Systems CCF-C
    Yinlin Xie, Xinyi Hou, Yanjie Zhao, Shenao Wang, Kai Chen, Haoyu Wang
    The 17th Asia-Pacific Symposium on Internetware (Internetware'26) PDF
  4. [C15] YASA: Scalable Multi-Language Taint Analysis on the Unified AST at Ant Group CCF-A CORE-A*
    Yayi Wang*, Shenao Wang*, Jian Zhao, Shaosen Shi, Ting Li, Yan Cheng, Lizhong Bian, Kan Yu, Yanjie Zhao, Haoyu Wang
    The ACM International Conference on the Foundations of Software Engineering, Industry Track (FSE'26) PDF Repo
  5. [C14] Mapping the Landscape of LLM Deployment in the Wild: Prevalence, Patterns, and Perils CCF-B CORE-A*
    Xinyi Hou, Jiahan Han, Yanjie Zhao, Shenao Wang, Haoyu Wang
    Proceedings of the ACM on Measurement and Analysis of Computer Systems (POMACS)
  6. [C13] VDBFuzz: Understanding and Detecting Crash Bugs in Vector Database Management Systems CCF-A CORE-A*
    Shenao Wang*, Zhao Liu*, Yanjie Zhao, Quanchen Zou, Haoyu Wang
    The 48th IEEE/ACM International Conference on Software Engineering (ICSE'26) PDF Repo
  7. [C12] TaintP2X: Detecting Taint-Style Prompt-to-Anything Injection Vulnerabilities in LLM-Integrated Applications CCF-A CORE-A*
    Junjie He*, Shenao Wang*, Yanjie Zhao, Xinyi Hou, Zhao Liu, Quanchen Zou, Haoyu Wang
    The 48th IEEE/ACM International Conference on Software Engineering (ICSE'26) PDF Repo
  8. [J6] Survey of Storage Mechanism Security Threats for Large Language Models CCF-T1
    Liu Wang*, Shenao Wang*, Xinyi Hou, Jian Zhao, Rongxin Wu, Qiao Xiang, Yanjie Zhao, Yi Wang
    Journal of Computer Research and Development, in Chinese PDF
  9. [J5] Model Context Protocol (MCP): Landscape, Security Threats, and Future Research Directions CCF-A
    Xinyi Hou, Yanjie Zhao, Shenao Wang, Haoyu Wang
    ACM Transactions on Software Engineering and Methodology (TOSEM) PDF
2025
  1. [C11] Demystifying Cookie Sharing Risks in WebView-based Mobile App-in-app Ecosystems CCF-A CORE-A*
    Miao Zhang*, Shenao Wang*, Guilin Zheng, Yanjie Zhao, Haoyu Wang
    The 40th IEEE/ACM International Conference on Automated Software Engineering (ASE'25) PDF
  2. [C10] A Characterization Study of Bugs in LLM Agent Workflow Orchestration Frameworks CCF-A CORE-A*
    Zilou Xue, Yanjie Zhao, Shenao Wang, Kai Chen, Haoyu Wang
    The 40th IEEE/ACM International Conference on Automated Software Engineering, Industry Showcase (ASE'25)
  3. [J4] Large Language Models for Cyber Security: A Systematic Literature Review CCF-A
    Hanxiang Xu, Shenao Wang, Ningke Li, Kailong Wang, Yanjie Zhao, Kai Chen, Ting Yu, Yang Liu, Haoyu Wang
    ACM Transactions on Software Engineering and Methodology (TOSEM) PDF
  4. [J3] MiniScope: Automated UI Exploration and Privacy Inconsistency Detection of MiniApps via Two-phase Iterative Hybrid Analysis CCF-A
    Shenao Wang, Yuekang Li, Kailong Wang, Yi Liu, Hui Li, Yang Liu, Haoyu Wang
    ACM Transactions on Software Engineering and Methodology (TOSEM) PDF Repo
    Also accepted by FSE 2025 Journal First Track
  5. [C9] Seeing is (Not) Believing: The Mirage Card Attack Targeting Online Social Networks CCF-C
    Wangchenlu Huang*, Shenao Wang*, Yanjie Zhao, Guosheng Xu, Haoyu Wang
    Proceedings of the 16th Asia-Pacific Symposium on Internetware (Internetware'25) PDF
  6. [C8] Exploring Typo Squatting Threats in the Hugging Face Ecosystem CCF-C
    Ningyuan Li, Yanjie Zhao, Shenao Wang, Zehao Wu, Haoyu Wang
    Proceedings of the 15th Asia-Pacific Symposium on Internetware PDF
  7. [C7] GPT Store Mining and Analysis CCF-C
    Dongxun Su, Yanjie Zhao, Xinyi Hou, Shenao Wang, Haoyu Wang
    Proceedings of the 15th Asia-Pacific Symposium on Internetware PDF
  8. [J2] LLM App Store Analysis: A Vision and Roadmap CCF-A
    Yanjie Zhao, Xinyi Hou, Shenao Wang, Haoyu Wang
    ACM Transactions on Software Engineering and Methodology, Special Issue: 2030 Software Engineering Roadmap (TOSEM) PDF
  9. [J1] Large Language Model Supply Chain: A Research Agenda CCF-A
    Shenao Wang, Yanjie Zhao, Xinyi Hou, Haoyu Wang
    ACM Transactions on Software Engineering and Methodology, Special Issue: 2030 Software Engineering Roadmap (TOSEM) PDF Repo
  10. [W2] Towards Reliable Vector Database Management Systems: A Software Testing Roadmap for 2030
    Shenao Wang, Yanjie Zhao, Yinglin Xie, Zhao Liu, Xinyi Hou, Quanchen Zou, Haoyu Wang
    ACM 2030 Roadmap for Software Engineering, co-located with FSE PDF
2024
  1. [C6] CanCal: Towards Real-time and Lightweight Ransomware Detection and Response in Industrial Environments CCF-A CORE-A*
    Shenao Wang*, Feng Dong*, Hangfeng Yang, Jingheng Xu, Haoyu Wang
    The 2024 ACM SIGSAC Conference on Computer and Communications Security (CCS'24) PDF
  2. [C5] Models Are Codes: Towards Measuring Malicious Code Poisoning Attacks on Pre-trained Model Hubs CCF-A CORE-A*
    Jian Zhao*, Shenao Wang*, Yanjie Zhao, Xinyi Hou, Kailong Wang, Peiming Gao, Yuanchao Zhang, Chen Wei, Haoyu Wang
    The 39th IEEE/ACM International Conference on Automated Software Engineering, Industry Showcase (ASE'24) PDF Repo
  3. [C4] Towards Robust Detection of Open Source Software Supply Chain Poisoning Attacks in Industry Environments CCF-A CORE-A*
    Xinyi Zheng, Chen Wei, Shenao Wang, Yanjie Zhao, Peiming Gao, Yuanchao Zhang, Kailong Wang, Haoyu Wang
    The 39th IEEE/ACM International Conference on Automated Software Engineering, Industry Showcase (ASE'24) PDF Repo
  4. [C3] GPTZoo: A Large-scale Dataset of GPTs for the Research Community CCF-A CORE-A*
    Xinyi Hou, Yanjie Zhao, Shenao Wang, Haoyu Wang
    The 39th IEEE/ACM International Conference on Automated Software Engineering, NIER Track (ASE'24) PDF Repo
2023
  1. [W1] On the Usage-scenario-based Data Minimization in Mini Programs
    Shenao Wang, Yanjie Zhao, Kailong Wang, Haoyu Wang
    The 2023 ACM Workshop on Secure and Trustworthy Superapps, co-located with CCS (SaTS) PDF
  2. [C2] WeMinT: Tainting Sensitive Data Leaks in WeChat Mini-Programs CCF-A CORE-A*
    Shi Meng, Liu Wang, Shenao Wang, Kailong Wang, Xusheng Xiao, Guangdong Bai, Haoyu Wang
    The 38th IEEE/ACM International Conference on Automated Software Engineering (ASE'23) PDF Repo
  3. [C1] MalWuKong: Towards Fast, Accurate, and Multilingual Detection of Malicious Code Poisoning in OSS Supply Chains CCF-A CORE-A*
    Ningke Li, Shenao Wang, Mingxi Feng, Kailong Wang, Meizhen Wang, Haoyu Wang
    The 38th IEEE/ACM International Conference on Automated Software Engineering, Industry Challenge Track (ASE'23) PDF Repo