About me

I am a Ph.D. student under the supervision of Prof. Na Meng in the Department of Computer Science, Virginia Tech . My research focuses on vulnerability detection through static program analysis, which aims at helping developers eliminate security API misuses. I received my M.S degree from the Missouri S&T Computer Science department in 2018, and my bachelor's degree from Northeastern University, China, in 2016.


Recent News

... [08/2022] Our paper on "Automatic Detection of Java Cryptographic API Misuses: Are We There Yet?" has been selected for presentation at ASE’22

... [03/2022] Our paper on " Example-Based Vulnerability Detection and Repair in Java Code " is accepted by 30th IEEE/ACM International Conference on Program Comprehension (ICPC 2022)

... [02/2022] Our paper on "Automatic Detection of Java Cryptographic API Misuses: Are We There Yet?" is accepted by Transactions on Software Engineering (TSE)


Internship Experience

... Application Security Team @ ByteDance

May 2021 - Augest 2021

... Talent Insight Team @ Linkedin

May 2022 - Augest 2022

Ongoing Research Projects

Automatic detection and repair of security vulnerabilities related to API misuses

Dynamic symbolic execution test on Rust...


Selected Publications

Example-Based Vulnerability Detection and Repair in Java Code

Ying Zhang, Ya Xiao, Mahir Kabir, Danfeng (Daphne)Yao, Na Meng

30th IEEE/ACM International Conference on Program Comprehension (ICPC 2022)

Automatic Detection of Java Cryptographic API Misuses: Are We There Yet?

Ying Zhang, Mahir Kabir, Ya Xiao, Danfeng (Daphne)Yao, Na Meng

Transactions on Software Engineering (TSE)

Data-Driven Vulnerability Detection and Repair in Java Code

Ying Zhang, Mahir Kabir, Ya Xiao, Danfeng (Daphne)Yao, Na Meng

RWS - A Roulette Wheel Scheduler For Preventing Execution Pattern Leakage

Ying Zhang, Lingxiang Wang, Wei Jiang, Zhishan Guo

Proceedings of the 24th IEEE Real-Time and Embedded Technology and Applications Symposium, BP Session, Porto, Portugal, 2018.