yxiao05@wm.edu
Embedded Files
Yue Xiao
I am an Assistant Professor of Computer Science at William & Mary. Prior to this, I was a Research Scientist at IBM Research. I earned my Ph.D. in Computer Science from Indiana University Bloomington, where I was advised by Prof. Luyi Xing and Prof.Xiaojing Liao. My research interests focus on the application of LLMs in security, privacy compliance analysis, vulnerability assessment, and software supply chain security. More broadly, I am interested in utilizing LLMs to tackle security challenges in downstream tasks (e.g., vulnerability management, CTF competitions), conduct system analysis to identify design flaws and detect real-world privacy violations in mobile supply chains by leveraging both program analysis and machine learning techniques.
Yue Xiao
I am an Assistant Professor of Computer Science at William & Mary. Prior to this, I was a Research Scientist at IBM Research. I earned my Ph.D. in Computer Science from Indiana University Bloomington, where I was advised by Prof. Luyi Xing and Prof.Xiaojing Liao. My research interests focus on the application of LLMs in security, privacy compliance analysis, vulnerability assessment, and software supply chain security. More broadly, I am interested in utilizing LLMs to tackle security challenges in downstream tasks (e.g., vulnerability management, CTF competitions), conduct system analysis to identify design flaws and detect real-world privacy violations in mobile supply chains by leveraging both program analysis and machine learning techniques.
I am currently recruiting self-motivated Ph.D. students and research interns to join my lab. If you are interested in working with me, please fill out this [Interest Form]. Prospective Ph.D. applicants should also apply through the official William & Mary portal: [Apply for Admission]. You’re welcome to reach out via email at (yxiao05@wm.edu) with any questions.
Recent Research Areas & Interests:
Recent Research Areas & Interests:
Privacy compliance check: [NDSS'25 Tracy][CCS'24 Legal][CCS'24 Colaine][Usenix'24-iHunter] [Usenix'23-Lalaine], [Usenix'21-XLDH]
Vulnerability assessment: [Usenix'22-DiffCVSS], [CCS'23-CEAM]
Software Supply Chain: [CCS'20][NDSS'25 JBomAudit]
News
News
[07/01/2024] I was awarded the Indiana University Graduate School Bloomington Distinguished Ph.D. Dissertation Award for 2024
[09/06/2023] An Invitation talk by FTC about Unveiling the Power of Compliance Analysis Tools: Ensuring Correctness and Comprehensiveness in Privacy Labels.
[04/28/2023] I won the Luddy Outstanding Researcher Award.
[08/24/2023)] Lalaine has been selected for showcasing in the 2023 NSA CAE-R Research Symposium.
[06/15/2022] I got Grace Hopper Conference SICE Funding from my department.
[10/15/2021] Our team won a second prize in the 2021 HackIN.
[04/28/2021] I won the Luddy Outstanding Teaching assistant Award.
[4/16/2021] I won the first place in Women’s Research Poster Competition 2021.
[08/21/2020] I was nominated by the office of the department chair at Indiana niversity for the Microsoft Research Ada Lovelace Fellowship.
[12/30/2019] Google awarded us $5,000 bug bounty for discovering malicious SDKs.
[12/5/2019] Facebook awarded us $30,000 as bug bounty, for our report of real-world cyber crime that steals Facebook user OAuth token/PII.
[11/19/2019] Twitter awarded us $560 for discovering new attacks against Twitter users in the wild.
[8/2/2019] Tencent acknowledged our reported vulnerability on Wechat.
[8/2/2019] Opera put my name on its hall of fame for our vulnerability finding.
Page updated
Google Sites
Report abuse