Chuan Yue

Chuan Yue

Professor
Department of Computer Science

About

Chuan Yue is a Professor of Computer Science at the Colorado School of Mines (Mines). His current research focuses on Cybersecurity, especially on (1) Web, Mobile, Cloud, CPS/IoT, and AI systems security, (2) usable security and privacy, (3) vulnerability measurement and analysis, and (4) cybersecurity education. His broad research interests include Security and Privacy, Web-based Systems, Human-Computer Interaction, Collaborative Computing, Distributed and Parallel Computing, Cloud Computing, and Mobile Computing. His research and educational activities have been supported by NSF, DOD, and Meta (big thanks!). He is the founder and current point of contact (POC) of the Center for Cyber Security and Privacy (CCSP) at Mines. He is a Daniels Fund Faculty Fellow from 2016 to 2019 (on incorporating ethics instruction into security and privacy courses). He received his B.E. and M.E. degrees in Computer Science from the Xidian University, China, in 1996 and 1999, respectively, and his Ph.D. in Computer Science from the College of William and Mary in 2010. He worked as a Member of Technical Staff at Bell Labs China, Lucent Technologies for four years from 1999 to 2003, mainly on the design and development of the Web-based Distributed Service Management System for Intelligent Network. He worked as an Assistant Professor of Computer Science at the University of Colorado Colorado Springs (UCCS) for five years (and commuted between Denver and Colorado Springs for four years) before joining Mines.

Education

  • B.E. in Computer Science, Xidian University, 1996
  • M.E. in Computer Science, Xidian University, 1999
  • PhD in Computer Science, College of William and Mary, 2010

Research

  • Cybersecurity
  • Web, Mobile, Cloud, CPS/IoT, and AI Systems Security
  • Usable Security and Privacy
  • Vulnerability Measurement and Analysis
  • Cybersecurity Education

Teaching

Teaching at Colorado School of Mines (Mines)

  • CSCI 585: Information Security and Privacy, Fall 2020, Fall 2022~2023
  • CSCI 474/574: Introduction to Cryptography/Theory of Cryptography, Spring 2018~2021, Spring 2023~2024
  • CSCI 475/585: Information Security and Privacy, Fall 2018~2019
  • CSCI 585 Online: Information Security and Privacy, Fall 2019
  • CSCI 474/598: Introduction to Cryptography, Spring 2016~2017
  • CSCI 475/598: Information Security and Privacy, Fall 2016~2017
  • CSCI 598: Security & Privacy in Systems, Fall 2015

Previous Teaching at UCCS: 6 courses, 18 times, and an award.

Students

PhD Students

 

  • Current PhD Students: Khalid Alkhattabi, Mengxia Ren, Anhao Xiang, Shane McFly, Jordan Peterson, Thien Ngo Le (co-advising with Dr. Guannan Liu)
  • Graduated PhD Students:
    • Rui Zhao (December 2016; decided to pursue a career in academia.)(Recipient of the 2016 university-level Rath Award for the Best PhD Thesis with the Potential for the Greatest Societal Impact.)(Recipient of the 2015 Outstanding CS PhD Student Award at UCCS.)
    • Matthew Sanders (May 2019; pursued his PhD degree while working full-time in industry, and completed his PhD thesis with high quality.)
    • Yi Qin (May 2021; decided to pursue a career in industry.)
    • Zhiju Yang (August 2021; decided to pursue a career in academia.)
    • Ahmed Alshehri (August 2022; decided to pursue a career in industry.)
    • Weiping Pei (August 2022; decided to pursue a career in academia.)(Recipient of the 2021 Outstanding CS PhD Student Award at Mines.)(Distinguished Nominee of the 2022 university-level Rath Award for the Best PhD Thesis with the Potential for the Greatest Societal Impact.)

Visiting Scholars

  •  Prof. Tao Feng at the Yunnan University of Finance and Economics (July 2017 ~ May 2018)

Master Students

  • Current Master Students: TBD
  • Graduated Master Students (at Mines): Kento Okamoto, Ryan Hunt, Michael Hughes, Yanina Likhtenshteyn, Riley Miller, Johnny Zeng,
    Thien Ngo Le, Leo Chely, Vincent Morgan (co-advised with Dr. Phil Romig), Jaren Peckham (co-advised with Dr. Phil Romig)
  • Graduated Master Students (at UCCS): Jeff Hinson, Christopher Shuster, Derrick Erickson, Anitha Tadimalla, Alex Renger, Xiang Tan, Robert Lancaster

Undergraduate Research Assistants (my PhD students help or helped advise most of them.)

  • Sponsoring or Advising Undergraduate Research Assistants in 2022~2023: Joshua Josey, Austin Getz, Brooke Bowcutt, Lucas Bowar, Hayden Cooreman, Ryan Miller, Tyler Wright
  • Sponsored or Advised Undergraduate Research Assistants in 2021~2022: Joshua Josey, Eugin Pahk, Joseph Spielman, Jacob Parker, Kai Miller, Davita Bird, Christopher Engel, Amiya Prasad
  • Sponsored or Advised Undergraduate Research Assistants in Summer 2021: Luke Beukelman, Leon Wan, Ethan Maestas
  • Sponsored or Advised Undergraduate Research Assistants in 2020~2021: Jhonathan Malagon, Sophia Collins, Max Gawason, James Singleton,
    Amiya Prasad, Joseph Spielman, Nathan Gavelek, Benjamin Breisch, Christopher Engel, Michelle Torres-Ortiz, Jacob Parker, Eugin Phak, Kai Miller, Davita Bird
  • Sponsored or Advised Undergraduate Research Assistants in Summer 2020: Cole Smith, John Simpson, Elizabeth Holter, Ethan Maestas
  • Sponsored or Advised Undergraduate Research Assistants in 2019~2020: Leo Chely, Andrew Harelson, Kaylynn Tu, Gazi Mahbub-Morshed, Matthew Lynn-goin
  • Sponsored or Advised Undergraduate Research Assistants in 2018~2019: Riley Miller, Jacob Granley, Arthur Mayer, Kaylynn Tu, Andrew Harelson, Nicholas Redhorse, Fisher Darling
  • Sponsored or Advised Undergraduate Research Assistants in 2017~2018: Grant Schmaedick, Riley Miller, Jacob Granley, Jordan Vickers, Arthur Mayer
  • Sponsored or Advised Undergraduate Research Assistants in 2016~2017: Bernardo Trindade, Marcus Tonsmann, John Galbavy, Xiaoyang Liu, Anthony Roebuck
  • Previously Sponsored Undergraduate Research Assistants at UCCS: Stacy Karas, Daniel Six, Aaron Batilo, Christopher Varga, Michael Pease, Joanne Wood

High School Research Assistants

  • Advised High School Research Assistants in Summer 2023: Matthew Hu, Aryamann Sheoran, Emilio Leyva (Mengxia Ren helped advise them.)
  • Advised a group of high schoolers including Andrew Plute, Vincent Nguyen, Alexander Bieniek, etc.
    in our DoD CySP Cyber-REACH 2022 Summer Research Camp (Anhao Xiang, Mengxia Ren, and Weiping Pei helped advise them.)
  • Advised a group of high schoolers including Leah Jo Maloney, Nabil Djaber, John Pumayalli, Abhinav Vemulapalli, Caleb Cox, and Jennifer Lalone
    in our DoD CySP Cyber-REACH 2021 Summer Research Camp (Mengxia Ren helped advise them.)
  • Advised High School Research Assistants in Summer 2020: Kai Hoshijo, Ava Ward, Dylan Knudsen (Weiping Pei helped advise them.)
  • Advised High School Research Assistants in 2019~2020: Cailean Albert (Ahmed Alshehri helped advise Cailean.)
  • Advised High School Research Assistants in 2017~2018: Sonia Chu (Yi Qin helped advise Sonia.)

Selected Publications (full list)

    • PolicyChecker: Analyzing the GDPR Completeness of Mobile Apps’ Privacy Policies.[pdf]
      By Anhao Xiang, Weiping Pei, and Chuan Yue. In proceedings of the ACM Conference on Computer and Communications Security (CCS), 2023.
    • A Tale of Two Communities: Privacy of Third Party App Users in Crowdsourcing – The Case of Receipt Transcription.[pdf]
      By Weiping Pei, Yanina Likhtenshteyn, and Chuan Yue. In proceedings of the ACM on Human-Computer Interaction:
      ACM Conference on Computer-Supported Cooperative Work and Social Computing (CSCW), 2023.
    • Coverage and Secure Use Analysis of Content Security Policies via Clustering.[pdf]
      By Mengxia Ren and Chuan Yue. In proceedings of the IEEE European Symposium on Security and Privacy (Euro S&P), 2023
    • Exploring the Negotiation Behaviors of Owners and Bystanders over Data Practices of Smart Home Devices.[pdf]
      By Ahmed Alshehri, Eugin Pahk, Joseph Spielman, Jacob Parker, Benjamin Gilbert, and Chuan Yue.
      In proceedings of the ACM CHI Conference on Human Factors in Computing Systems (CHI), 2023
    • Generating Content-Preserving and Semantics-Flipping Adversarial Text.[pdf]
      By Weiping Pei and Chuan Yue. In proceedings of the ACM ASIA Conference on Computer and Communications Security (AsiaCCS), 2022
    • Exploring the Privacy Concerns of Bystanders in Smart Homes from the Perspectives of both Owners and Bystanders.[pdf]
      By Ahmed Alshehri, Joseph Spielman, Amiya Prasad, and Chuan Yue. In proceedings of the Privacy Enhancing Technologies Symposium (PETS), 2022.
    • Fuzzing-Based Hard-Label Black-Box Attacks Against Machine Learning Models.[pdf]
      By Yi Qin and Chuan Yue. In Journal of Computers & Security (COMPSEC), Elsevier, 117: 102694, 2022.
    • WtaGraph: Web Tracking and Advertising Detection using Graph Neural Networks.[pdf]
      By Zhiju Yang, Weiping Pei, Monchu Chen, and Chuan Yue. In proceedings of the IEEE Symposium on Security and Privacy (S&P), 2022.
    • Quality Control in Crowdsourcing based on Fine-Grained Behavioral Features.[pdf]
      By Weiping Pei, Zhiju Yang, Monchu Chen, and Chuan Yue. In proceedings of the ACM on Human-Computer Interaction:
      ACM Conference on Computer-Supported Cooperative Work and Social Computing (CSCW), 2021.
    • Attention Please: Your Attention Check Questions in Survey Studies Can Be Automatically Answered.[pdf]
      By Weiping Pei, Arthur Mayer, Kaylynn Tu, and Chuan Yue. In proceedings of The Web Conference (formerly known as The WWW Conference), 2020.
    • A Comparative Measurement Study of Web Tracking on Mobile and Desktop Environments.[pdf]
      By Zhiju Yang and Chuan Yue. In proceedings of the Privacy Enhancing Technologies Symposium (PETS), 2020.
    • Distinguishability of Adversarial Examples.[pdf]
      By Yi Qin, Ryan Hunt, and Chuan Yue. In proceedings of the International Conference on Availability, Reliability and Security (ARES), 2020.
    • Security and Privacy Analysis of Android Family Locator Apps.[pdf]
      By Khalid Alkhattabi, Ahmed Alshehri, and Chuan Yue. In proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), 2020.
    • Visualizing and Interpreting RNN Models in URL-based Phishing Detection.[pdf]
      By Tao Feng and Chuan Yue. In proceedings of the ACM Symposium on Access Control Models and Technologies (SACMAT), 2020.
    • Attacking and Protecting Tunneled Traffic of Smart Home Devices.[pdf]
      By Ahmed Alshehri, Jacob Granley, and Chuan Yue. In proceedings of the ACM Conference on Data and Applications Security (CODASPY), 2020.
    • Mining Least Privilege Attribute Based Access Control Policies.[pdf],[slides],[code]
      By Matthew Sanders and Chuan Yue. In proceedings of the Annual Computer Security Applications Conference (ACSAC), 2019.
    • Sensor-based Mobile Web Cross-site Input Inference Attacks and Defenses.[pdf]
      By Rui Zhao, Chuan Yue, and Qi Han. In IEEE Transactions on Information Forensics and Security (TIFS), 2019.
    • Minimizing Privilege Assignment Errors in Cloud Services. (Outstanding Paper Award!) [pdf]
      By Matthew Sanders and Chuan Yue. In proceedings of the ACM Conference on Data and Applications Security (CODASPY), 2018.
    • Design and Evaluation of the Highly Insidious Extreme Phishing Attacks.[pdf]
      By Rui Zhao, Samantha John, Stacy Karas, Cara Bussell, Jennifer Roberts, Daniel Six, Brandon Gavett, and Chuan Yue.
      In Journal of Computers & Security (COMPSEC), Elsevier, 70: 634–647, 2017.
    • Phishing Suspiciousness in Older and Younger Adults: The Role of Executive Functioning.[pdf]
      By Brandon Gavett, Rui Zhao, Samantha John, Cara Bussell, Jennifer Roberts, and Chuan Yue. In Journal of PLoS ONE, 12(2): e0171620, 2017.
    • Teaching Computer Science with Cybersecurity Education Built-in.[pdf]
      By Chuan Yue. In proceedings of the USENIX Workshop on Advances in Security Education (ASE), 2016.
    • Sensor-based Mobile Web Fingerprinting and Cross-site Input Inference Attacks (a position paper).[pdf]
      By Chuan Yue. In proceedings of the IEEE Workshop on Mobile Security Technologies (MoST), 2016.
      (My slides can be accessed from the workshop website.)
    • SafeSky: A Secure Cloud Storage Middleware for End-user Applications.[pdf]
      By Rui Zhao, Chuan Yue, Byungchul Tak, and Chunqiang Tang. In proceedings of the IEEE Symposium on Reliable Distributed Systems (SRDS), 2015.
    • Automatic Detection of Information Leakage Vulnerabilities in Browser Extensions.[pdf]
      By Rui Zhao, Chuan Yue, and Qing Yi. In proceedings of the International World Wide Web Conference (WWW), 2015.
    • Toward A Secure and Usable Cloud-based Password Manager for Web Browsers.[pdf]
      By Rui Zhao and Chuan Yue. In Journal of Computers & Security (COMPSEC), Elsevier, 46(3): 32–47, 2014.
      (This is an extended version of our CODASPY’13 conference paper “All Your Browser-saved Passwords Could Belong to Us: a Security Analysis and a Cloud-based New Design”,
      which was reported by The Oregonian in March 2014, and has prompted at least one top Web browser vendor to make some important changes in its password manager feature.)
    • The Devil is Phishing: Rethinking Web Single Sign-On Systems Security.[pdf]
      By Chuan Yue. In proceedings of the 6th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), 2013.
    • A Measurement Study of Insecure JavaScript Practices on the Web. [pdf]
      By Chuan Yue and Haining Wang. In ACM Transactions on the Web (TWEB), 7(2): 1–39, 2013.
      (This is an extended version of our WWW’09 conference paper “Characterizing Insecure JavaScript Practices on the Web”.)
    • Preventing the Revealing of Online Passwords to Inappropriate Websites with LoginInspector. (Best Paper Award!) [pdf]
      By Chuan Yue. In proceedings of the USENIX Large Installation System Administration Conference (LISA), 2012.
    • Using Amazon EC2 in Computer and Network Security Lab Exercises: Design, Results, and Analysis.[pdf]
      By Chuan Yue, Weiying Zhu, Greg Williams, and Edward Chow. In proceedings of the 119th ASEE Annual Conference and Exposition, 2012.
    • BogusBiter: A Transparent Protection Against Phishing Attacks. [pdf]
      By Chuan Yue and Haining Wang. In ACM Transactions on Internet Technology (TOIT), 10(2): 1–31, 2010.
      (This is an extended version of our ACSAC’08 conference paper “Anti-Phishing in Offense and Defense”.)
      (One U.S. utility patent has been granted to us for this anti-phishing work!)
    • SessionMagnifier: A Simple Approach to Secure and Convenient Kiosk Browsing. [pdf]
      By Chuan Yue and Haining Wang. In proceedings of the International Conference on Ubiquitous Computing (Ubicomp), 2009.
      (One U.S. utility patent has been granted to us for this kiosk browsing work!)
    • RCB: A Simple and Practical Framework for Real-time Collaborative Browsing.[pdf]
      By Chuan Yue, Zi Chu, and Haining Wang. In proceedings of the USENIX Annual Technical Conference (USENIX ATC), 2009.
      (This work was reported by MIT’s Technology Review and the Computer Power User magazine.)

Professional Services

Institution Level Significant Services

  • Successfully completed the NSA/DHS National Center of Academic Excellence in Cyber Defense Education (CAE-CDE) Program applications for Mines in 2016 and 2021.
  • Successfully completed the NSA Information Assurance Courseware Evaluation (IACE) Program application (Approval Letter), NSA/DHS National Centers of Academic Excellence
    in Information Assurance Education (CAE/IAE) Program application (Approval Letter), and NSA/DHS CAE-CDE) Program application for UCCS in 2011, 2012, and 2014, respectively.

 

Research and Education Community Services 

  • ACM CODASPY 2023, ACL 2023, SciSec 2023, etc.
  • ACM CODASPY 2022, ICICS 2022, EMNLP 2022, AACL-IJCNLP 2022, etc.
  • ACM CODASPY 2021, ICICS 2021, etc.
  • ACM CODASPY 2020, IEEE/IFIP DSN 2020, etc.
  • ACM CODASPY 2019, etc.
  • ACM CODASPY 2018, IEEE ICC 2018, IEEE CCNC 2018, IFIP NTMS 2018
  • ACM CODASPY 2017, IEEE/IFIP DSN 2017, IEEE ICC 2017, IEEE CCNC 2017
  • ACM CODASPY 2016, IEEE ICC 2016, ACM AsiaCCS-AuthTech 2016, MobiSPC 2016, IFIP NTMS 2016, IEEE ICCCN 2016
  • ACM CODASPY 2015, ACM CCS 2015, IEEE ICC 2015, IEEE GLOBECOM 2015, IEEE ICCCN 2015, MobiSPC 2015, IEEE NAS 2015, IFIP NTMS 2015
  • ACM CODASPY 2014, IEEE ICNP 2014, IFIP NTMS 2014, IEEE ICC 2014, IEEE GLOBECOM 2014, IEEE NAS 2014, MobiSPC 2014, REUNS 2014
  • IEEE GLOBECOM 2013, IEEE ICC 2013, IEEE ICCCN 2013, CTS 2013, IEEE/CIC ICCC 2013, IEEE NAS 2013, InterCloud-HPC 2013, ICCVE 2013
  • IEEE GLOBECOM 2012, IEEE ICCCN 2012, COMPSAC 2012, ISSRE 2012, IEEE ISWPC 2012, IEEE NAS 2012, CTS 2012, IFIP NTMS 2012, ICCVE 2012
  • SecureComm 2011, IEEE NAS 2011, IEEE GLOBECOM 2011, ATNAC 2011, IEEE ICCCN 2011, IFIP NTMS 2011, IEEE ISWPC 2011, etc.
  • Other Journal and Conference Reviewing Activities
Chuan Yue headshot

Contact

Colorado School of Mines
Department of Computer Science
1500 Illinois St.
Golden, Colorado 80401
Office: CTLM 249
Tel: 303-384-2439
Email: chuanyue@mines.edu