I’m a third-year Ph.D. student at the School of Electrical Engineering and Computer Science, the University of Queensland, mentored by A/Prof. Guangdong Bai.
My research focuses on detecting security and privacy issues in the system and third-party application ecosystem based on privacy documentation. My work has been published in leading conferences and journals, including FSE, ICSE, ASE, PETS, etc.
Chuan Yan, Ruomai Ren, Mark Huasong Meng, Liuhuo Wan, Tian Yang Ooi, Guangdong Bai
CCF-A CORE-A* Distinguished Paper 🏆 ASE'24: The 39th IEEE/ACM International Conference on Automated Software Engineering 2024
We conduct the first comprehensive study of the ChatGPT app ecosystem, aiming to unveil its landscape to our research community. Our study focuses on the distribution and deployment models in the integration of LLMs and third-party apps, and assesses their security and privacy implications. We investigate the runtime execution mechanism of ChatGPT apps and accordingly propose a three-layer security assessment model from the perspectives of users, app developers, and store operators.
Chuan Yan, Mark Huasong Meng, Fuman Xie, Guangdong Bai
CCF-A CORE-A* FSE'24: Proceedings of the ACM on Software Engineering, Volume 1, Issue FSE 2024
We conduct the first systematic study on the consistency between the operational behaviors of the OS at runtime and the officially disclosed DPCs. We propose DopCheck, an automatic DPC-driven testing framework equipped with a large language model (LLM) pipeline. It features a series of analyses to extract the ontology from the privacy change documents written in natural language, and then harnesses the few-shot capability of LLMs to construct test cases for the detection of DPC-compliance issues in OS implementations.
Chuan Yan, Fuman Xie, Mark Huasong Meng, Yanjun Zhang, Guangdong Bai
CCF-C CORE-A PETS'24: The 24th Privacy Enhancing Technologies Symposium 2024
We conduct the first systematic study on the quality of privacy policies in the VPA app domain. Based on our review of literature and documents from standard working groups, we identify four metrics that enable the quality of the privacy policy to become measurable, including timeliness, availability, completeness and readability. We then develop QuPer, which extracts the meta features (e.g., update history) and linguistic features (e.g., sentence semantics) from privacy policies, and assesses their quality. Our analysis reveals that the status of the quality of privacy policies in the VPA app domain is concerning.