Selected Publications

We present data-oriented attacks to bypass the web/local boundary in Google Chrome.
In CCS 2016 [Acc Rate: 16.5%]

We present PRO-ORAM — an ORAM construction that achieves constant latencies per access in a large class of applications.
In RAID 2019

OblivP2P is the first work that adapts ORAM to ensure obliviousness of content accessed in a P2P setting.
In USENIX Security 2016 [Acc Rate: 15.5%]

We present a locality-aware anonymous peer-assisted CDN (APAC).
In PETS 2016 [Acc Rate: 26.98%]

We presented web-to-application injection attacks and found 286 confirmed vulnerabilities in 134 distinct applications from Google Play.
In ESORICS 2015 [Acc Rate: 20%]

We found vulnerabilities on 5 desktop browsers and 16 mobile browsers, which got acknowledged by Google, Apple etc.! CVE-2014-7948 for Chrome, CVE-2015-5907 for Safari, and more.
In COSE 2015

We proposed a new solution called UserPath to establish an end-to-end trusted path between web application users and web servers.
In RAID 2014 [Acc Rate: 19.4%]

We introduced the concept of the trusted data vault, a small trusted engine that securely manages the storage and usage of sensitive data in an untrusted mobile device.
In ICECCS 2014 [Acc Rate: 27.4%]

We presented geo-inference attacks using timing channels to infer users’ geolocation information. Now on the news! Dailydot, Gizmodo, Techspot, TechExplore, and more.
In W2SP 2014 [Acc Rate: 29%]

Recent Publications

Teaching & Professional Service

I am a teaching assistant for the following courses at NUS:

I am serving as an (external) reviewer or student PC for the following conferences:

  • Reviewer: IEEE Transactions on Information Forensics and Security (TIFS)
  • PC: ACM ASIA Conference on Computer and Communications Security’ 19
  • Student PC: S&P’ 17
  • External Reviewer: S&P’15, 16; CCS’15, 16; Usenix Security’15; NDSS’15 - 17; WWW’15; AsiaCCS’14, 15; ICDCS’16, 17

I gave talks in following places:

  • Cornell Tech, New York, New York, USA, January, 2017
  • Northeastern University, Boston, Massachusetts, USA, January, 2017
  • Stony Brook University, Stony Brook, New York, USA, January, 2017
  • CCS, Vienna, Austria, October, 2016
  • PETS, Darmstadt, Germany, July, 2016
  • BlackHat Asia, Singapore, March, 2015
  • ADSC, Singapore, July, 2014
  • Web 2.0 Security & Privacy, Oakland, California, USA, May, 2014

Awards & Scholarships

  • Dean’s Graduate Research Excellence Award, 2017
  • USENIX Student Travel Grant, 2016
  • PETS Student Travel Grant, 2016
  • CVE-2014-7948 for Chrome, CVE-2015-5907 for Safari, 2015
  • RAID Student Travel Grant, 2014
  • Best Paper Award in ICECCS, 2014
  • Best Paper Award in W2SP, 2014
  • S&P Student Travel Grant, 2014
  • NUS Research Scholarship, 2012
  • Excellent Graduate of HUST, 2012
  • Google Excellence Scholarship, 2011
  • National Scholarship, 2009, 2010
  • Excellent Student of HUST, 2009, 2010


  • The Work Project, 12 Marina View, Asia Square Tower 2, #11-01, Singapore 018961
  • Email for appointment