This is Xin'an Zhou's permanent homepage. The homepage address is

Google Scholar Mastodon Twitter

He is currently a third-year Computer Security PhD candidate at the University of California, Riverside.

His advisor is Prof. Zhiyun Qian.

Email: xinan.zhou at

Before that, he obtained his bachelor's degree in Software Engineering from Fudan University.

His undergraduate advisors were Prof. Zhemin Yang, Prof. Min Yang, and Prof. Yuan Zhang.


(3/1/2023) Our work on Mobile-as-a-Gateway IoT has been accepted by Blackhat Asia 2023!

(11/7/2022) I attended ACM CCS '22 in person. Thank you my friends for the unforgettable memories together!

(10/9/2022) I'm joining the Artifact Evaluation Committee of Usenix Security '23. Welcome to submit your artifact!

(9/14/2022) Our SADDNS team got one in-person poster accepted by ACM CCS 2022!

(8/31/2022) I advanced to candidacy for PhD!

(8/26/2022) I got one paper on IoT Security accepted by ACM CCS 2022!

(6/10/2022) I obtained my Master's degree in Computer Science with 4.0 GPA.

(5/26/2022) I attended IEEE S&P '22 in person and delivered a short talk How to Own Website Accounts Using Weibo Single Sign-On Vulnerabilities.


[4] Dilemma in IoT Access Control: Revealing Novel Attacks and Design Challenges in Mobile-as-a-Gateway IoT [Link] [PDF]
Luyi Xing, Xin'an Zhou, Jiale Guan, Zhiyun Qian
Black Hat Asia 2023

[3] (An anonymous workshop paper)

[2] Perils and Mitigation of Security Risks of Cooperation in Mobile-as-a-Gateway IoT [PDF]
Xin'an Zhou, Jiale Guan, Luyi Xing, Zhiyun Qian
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security.

[1] DNS Cache Poisoning Attack: Resurrections with Side Channels [PDF]
Keyu Man, Xin'an Zhou, and Zhiyun Qian
Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security.
Key Insight: Using ICMP as a side-channel to perform DNS Cache Poisoning Attacks.

Professional Services

Sub-reviewer: USENIX Security '21, IEEE S&P '21

Organizer: LGBTQIA+ and Allies Happy Hour at IEEE S&P '22, Queer in Security and Privacy Social Hour at ACM CCS '22

Volunteer: IEEE S&P '22







Selected Awards

IEEE Symposium on Security and Privacy 2022 Student Travel Grant

Full Win in Routers category at Pwn2Own Austin 2021 [Video] [Live Results]

China National Scholarship, 2015 (The highest undergrad honor in China)

China National Scholarship, 2016 (The highest undergrad honor in China)


ETenal  Kyr1os  Haobin Chen (Hiroki)


"Was aus Liebe getan wird, geschieht immer jenseits von Gut und Böse. (What is done out of love always takes place beyond good and evil.)"

--Friedrich Nietzsche