xiaoyue@iu.edu
Yue Xiao
I am currently a Research Scientist at IBM and received my Ph.D. in Computer Science from Indiana University Bloomington, where I was advised by Prof. Luyi Xing and Prof.Xiaojing Liao. My research interests focus on the application of LLMs in security, privacy compliance analysis, vulnerability assessment, and software supply chain security. More broadly, I am interested in utilizing LLMs to tackle security challenges in downstream tasks (e.g., vulnerability management, CTF competitions), conduct system analysis to identify design flaws and detect real-world privacy violations in mobile supply chains by leveraging both program analysis and machine learning techniques.
I am currently a Research Scientist at IBM and received my Ph.D. in Computer Science from Indiana University Bloomington, where I was advised by Prof. Luyi Xing and Prof.Xiaojing Liao. My research interests focus on the application of LLMs in security, privacy compliance analysis, vulnerability assessment, and software supply chain security. More broadly, I am interested in utilizing LLMs to tackle security challenges in downstream tasks (e.g., vulnerability management, CTF competitions), conduct system analysis to identify design flaws and detect real-world privacy violations in mobile supply chains by leveraging both program analysis and machine learning techniques.
Recent Research Areas & Interests:
(Eight first/co-first author papers and two other papers)
Privacy compliance check: [NDSS'25 Tracy][CCS'24 Legal][CCS'24 Colaine][Usenix'24-iHunter] [Usenix'23-Lalaine], [Usenix'21-XLDH]
Vulnerability assessment: [Usenix'22-DiffCVSS], [CCS'23-CEAM]
Software Supply Chain: [CCS'20][NDSS'25 JBomAudit]
News
[07/01/2024] I was awarded the Indiana University Graduate School Bloomington Distinguished Ph.D. Dissertation Award for 2024
[09/06/2023] An Invitation talk by FTC about Unveiling the Power of Compliance Analysis Tools: Ensuring Correctness and Comprehensiveness in Privacy Labels.
[04/28/2023] I won the Luddy Outstanding Researcher Award.
[08/24/2023)] Lalaine has been selected for showcasing in the 2023 NSA CAE-R Research Symposium.
[06/15/2022] I got Grace Hopper Conference SICE Funding from my department.
[10/15/2021] Our team won a second prize in the 2021 HackIN.
[04/28/2021] I won the Luddy Outstanding Teaching assistant Award.
[4/16/2021] I won the first place in Women’s Research Poster Competition 2021.
[08/21/2020] I was nominated by the office of the department chair at Indiana niversity for the Microsoft Research Ada Lovelace Fellowship.
[12/30/2019] Google awarded us $5,000 bug bounty for discovering malicious SDKs.
[12/5/2019] Facebook awarded us $30,000 as bug bounty, for our report of real-world cyber crime that steals Facebook user OAuth token/PII.
[11/19/2019] Twitter awarded us $560 for discovering new attacks against Twitter users in the wild.
[8/2/2019] Tencent acknowledged our reported vulnerability on Wechat.
[8/2/2019] Opera put my name on its hall of fame for our vulnerability finding.