个人简介

何艺，武汉大学武汉数学与智能研究院研究员。2024年博士毕业于清华大学，导师为李琦老师。曾担任网易游戏资深工程师，有丰富的大型项目开发管理经验。研究方向为系统安全，包括Android和IoT安全、云安全，发表Usenix Security, CCS, NDSS, TDSC等CCF-A论文十多篇，担任多个顶会的审稿人。研究成果应用于美团、华为和长虹等公司。详见：https://heyi.sh

研究方向

教育背景

工作经验

教授课程

发表论文

[1] Yi He, Yunchao Guan, Ruoyu Lun, Shangru Song, Zhihao Guo, Jianwei Zhuge, Jianjun Chen, Qiang Wei , Zehui Wu , Miao Yu , Shi Hetian, Qi Li. Demystifying the Security Implications in IoT Device Rental Services. Useinx Security 2024.

[2] Yue Xiao, Yi He, Xiaoli Zhang, Qian Wang, Renjie Xie, Kun Sun, Ke Xu, Qi Li. From Hardware Fingerprint to Access Token: Enhancing the Authentication on IoT Devices. NDSS 2024.

[3] Hetian Shi, Yi He, Qing Wang, Jianwei Zhuge, Qi Li, Xin Liu. Laser-Based Command Injection Attacks on Voice-Controlled Microphone Arrays. CHES 2024.

Yuhao Wu, Jinwen Wang, Yujie Wang, Shixuan Zhai, Zihan Li, Yi He, Kun Sun, Qi Li, Ning Zhang. Your Firmware Has Arrived: A Study of Firmware Update Vulnerabilities. Usenix Security 2024.

[4] Xijia Che, Yi He, Xuewei Feng, Kun Sun, Ke Xu, Qi Li. BlueSWAT: A Lightweight State-Aware Security Framework for Bluetooth Low Energy. CCS 2024.

[5] Yi He, Roland Guo, Yunlong Xing, Xijia Che, Kun Sun, Zhuotao Liu, Ke Xu, Qi Li. Cross Container Attacks: The Bewildered eBPF on Clouds. Useinx Security 2023.

[6] Yi He, Yacong Gu, Purui Su, Kun Sun, Yajin Zhou, Zhi Wang, Qi Li. A Systematic Study of Android Non-SDK (Hidden) Service API Security. IEEE Transactions on Dependable and Secure Computing (Volume 20, Issue 2, March-April 2023)

[7] Yi He, Zhenhua Zou, Kun Sun, Zhuotao Liu, Ke Xu, Qian Wang, Chao Shen, Zhi Wang, Qi Li. RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices. Useinx Security 2022.

[8] Yi He, Yuan Zhou, Yajin Zhou, Qi Li, Kun Sun, Yacong Gu, Yong Jiang. JNI global references are still vulnerable: Attacks and defenses. IEEE Transactions on Dependable and Secure Computing ( Volume: 19, Issue: 1, 01 Jan.-Feb. 2022)

[9] Jingwen Fan, Yi He, Bo Tang, Qi Li, Ravi Sandhu. Ruledger: Ensuring Execution Integrity in Trigger-Action IoT Platforms. Infocom 2021.

专利：

[1] 应用程序的认证方法、装置及系统。中国发明专利，CN109086596，授权日期：2022.03.22，申请人：何艺。

[2] 应用程序版本兼容的处理方法及装置。中国发明专利，CN109032820，授权日期：2021.02.12，申请人：何艺。

[3] 应用数据处理方法及装置。中国发明专利，CN108933838，授权日期：2022.07.29，申请人：何艺。

[4] 一种针对嵌入式物联网设备漏洞的热修复方法及装置, 中国发明专利，CN115268983，授权日期：2023.04.07，申请人：李琦，何艺，徐恪，张晗，刘卓涛，邹振华。

课题科研

研究团队

获奖信息