Youkun Shi is a Postdoctoral Fellow in the Department of Computing at The Hong Kong Polytechnic University, working under the supervision of Prof. Daniel Xiapu Luo. He received the Ph.D. degree in June 2024 from Fudan University, advised by Prof. Yuan Zhang and Prof. Min Yang. His research focuses on system security, especially web security. To date, he has published several papers in top-tier venues, including USENIX Security, IEEE S&P, ACM CCS, NDSS and TIFS. He received the IEEE S&P Distinguished Paper Award (2025), ACM CCS Distinguished Paper Award (2025), ACM SIGWEB China Distinguished Doctoral Dissertation Award (2025) and PolyU Distinguished Postdoctoral Fellowship Scheme (2026). His research has been adopted by leading companies, including Alibaba and Huawei, and has been acknowledged in security advisories from major companies such as Google, Apache, and IBM.

Moreover, Youkun Shi is the co-founder of a great CTF Team at Fudan University, named Whitzard. The team has participated in numerous prestigious world-wide CTF competitions, achieving commendable rankings.

🔥 News

• [2026.03]  🎉 I am honored to serve as a Program Committee Member for AsiaCCS 2027, which will be held July 12–16, 2027, in Macau, China.
• [2026.01]  🎉 One paper accepted by USENIX Security 2026. Congrats Jiaqi!
• [2026.01]  🎉 I have been granted the PolyU Distinguished Postdoctoral Fellowship Scheme!
• [2025.12]  🎉 One paper accepted by NDSS 2026. Congrats Bocheng!
• [2025.10]  🎉 Our broken access control detection work on web apps received Distinguished Paper Award at ACM CCS 2025!
• [2025.10]  🎉 One talk accepted by BlackHat EUROPE 2025!
• [2025.09]  🎉 I have been awarded the 2025 ACM SIGWEB China Distinguished Doctoral Dissertation Award!
• [2025.09]  🎉 Two papers accepted by TIFS and TSE!

📖 Background

• 2024 - Present, Postdoc, The Hong Kong Polytechnic University, Department of Computing.
• 2019 - 2024, Ph.D, Fudan University, School of Computer Science.
• 2015 - 2019, B.Eng, China University of Mining and Technology, School of Computer Science.

📝 Publications

👍🏻 Lead Publications

1. TIFS'25 Facilitating Access Control Vulnerability Detection in Modern Java Web Applications with Accurate Permission Check Identification PDF
   Youkun Shi, Fengyu Liu, Guangliang Yang, Yuan Zhang, Yinzhi Cao, Enhao Li, Xin Tan, Xiapu Luo, Min Yang, Siyi Chen.
   In IEEE Transactions on Information Forensics and Security, 2025.
   CCF-A, Top Security Journal

2. TSE'25 PHPJoy: A Novel Extended Graph-based PHP Code Analysis Framework PDF
   Youkun Shi, Yuan Zhang, Tianhan Luo, Guangliang Yang, Shengke Ye, Chengyu Yang, Fengyu Liu, Xiapu Luo, Min Yang.
   In IEEE Transactions on Software Engineering, 2025.
   CCF-A, Top Software Engineering Journal

3. USENIX SEC'25 XSSky: Detecting XSS Vulnerabilities through Local Path-Persistent Fuzzing PDF
   Youkun Shi, Yuan Zhang, Tianhao Bai, Feng Xue, Jiarun Dai, Fengyu Liu, Lei Zhang, Xiapu Luo, Min Yang.
   In Proceedings of the 34th USENIX Security Symposium (USENIX SEC), August, 2025.
   CCF-A, Security BIG4 Conference

4. S&P'25 MOCGuard: Automatically Detecting Missing-Owner-Check Vulnerabilities in Java Web Applications PDF
   Fengyu Liu^*, Youkun Shi^*, Yuan Zhang, Guangliang Yang, Enhao Li, Min Yang (* co-first authors).
   In Proceedings of the 46th IEEE Symposium on Security and Privacy (S&P), May 2025.
   CCF-A, Security BIG4 Conference

5. WWW'24 RecurScan: Detecting Recurring Vulnerabilities in PHP Web Applications PDF
   Youkun Shi, Yuan Zhang, Tianhao Bai, Lei Zhang, Xin Tan, Min Yang.
   In Proceedings of the 33rd ACM Web Conference (WWW), May, 2024.
   CCF-A, Top Web Research Conference

6. ASE'22 Precise (Un)Affected Version Analysis for Web Vulnerabilities PDF
   Youkun Shi, Yuan Zhang, Tianhan Luo, Xiangyu Mao, Min Yang.
   In Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE), October, 2022.
   CCF-A, Top Software Engineering Conference

7. USENIX SEC'22 Backporting Security Patches of Web Applications PDF
   Youkun Shi, Yuan Zhang, Tianhan Luo, Xiangyu Mao, Yinzhi Cao, Ziwen Wang, Yudi Zhao, Zongan Huang, Min Yang.
   In Proceedings of the 31st USENIX Security Symposium (USENIX SEC), August, 2022.
   CCF-A, Security BIG4 Conference

🤝 Co-Authored Publications

1. USENIX SEC'26 Autonomy Comes with Costs: Detecting Denial-of-Service Vulnerabilities Caused by Resource Abusing in LLM-based Agents PDF
   Jiaqi Luo, Jiarun Dai, Fengyu Liu, Songyang Peng, Youkun Shi, Tong Bu, Geng Hong, Xudong Pan, Yuan Zhang.
   In Proceedings of the 35th USENIX Security Symposium (USENIX SEC), August, 2026.
   CCF-A, Security BIG4 Conference

2. NDSS'26 LinkGuard: A Lightweight State-Aware Runtime Guard Against Link Following Attacks in Windows File System PDF
   Bocheng Xiang, Yuan Zhang, Hao Huang, Fengyu Liu, Youkun Shi.
   In Proceedings of the Network and Distributed System Security (NDSS) Symposium 2026, February 2026.
   CCF-A, Security BIG4 Conference

3. CCS'25 BACScan: Automatic Black-Box Detection of Broken-Access-Control Vulnerabilities in Web Applications PDF Distinguished Paper Award
   Fengyu Liu, Yuan Zhang, Enhao Li, Wei Meng, Youkun Shi, Qianheng Wang, Chenlin Wang, Zihan Lin, Min Yang.
   In Proceedings of the 32nd ACM Conference on Computer and Communications Security (CCS), October 2025.
   CCF-A, Security BIG4 Conference

4. USENIX SEC'25 Make Agent Defeat Agent: Automatic Detection of Taint-Style Vulnerabilities in LLM-based Agents PDF
   Fengyu Liu, Yuan Zhang, Jiaqi Luo, Jiarun Dai, Tian Chen, Letian Yuan, Zhengmin Yu, Youkun Shi, Ke Li, Chengyuan Zhou, Hao Chen, Min Yang.
   In Proceedings of the 34th USENIX Security Symposium (USENIX SEC), August, 2025.
   Presented at BlackHat EUROPE 2025 [Talk Abstract]
   CCF-A, Security BIG4 Conference

5. S&P'25 Detecting Taint-Style Vulnerabilities in Microservice-Structured Web Applications PDF Distinguished Paper Award
   Fengyu Liu, Yuan Zhang, Tian Chen, Youkun Shi, Guangliang Yang, Zihan Lin, Min Yang, Junyao He, Qi Li.
   In Proceedings of the 46th IEEE Symposium on Security and Privacy (S&P), May 2025.
   Presented at BlackHat USA 2025 [Talk Abstract]
   CCF-A, Security BIG4 Conference

🎖 Honors and Awards

• 2025, Distinguished Doctoral Dissertation Award, ACM SIGWEB China (2 recipients annually)
• 2025, Distinguished Paper Award, 32nd ACM Conference on Computer and Communications Security (<1% submission)
• 2025, Distinguished Paper Award, 46th IEEE Symposium on Security and Privacy (<1% submission)
• 2024, Huawei TopMinds Program Offer
• 2024, Outstanding PhD Graduates, Shanghai (Top 5%)
• 2024, Academic Star, Fudan University (10 recipients annually)

🌟 Fellowships and Grants

• 2026.3 - 2028.2, PolyU Distinguished Postdoctoral Fellowship Scheme (Funded by The Hong Kong Polytechnic University (PolyU))
• 2025.9 - 2026.2, RTH-ITF Research Talent Postdoctoral Fellowship (Funded by Innovation and Technology Fund (ITF))
• 2021 - 2022, National Scholarship for Ph.D. Candidates (Top 0.2% nationwide)
• 2017 - 2018, National Scholarship for B.S. Candidates (Top 0.2% nationwide)
• 2016 - 2017, National Scholarship for B.S. Candidates (Top 0.2% nationwide)

🏆 Skill Competitions

• 2021, 🏆 Champion, 6th XCTF International League (Final Round)
• 2021, 🏆 Champion, 2nd XiangYun Cup Cybersecurity Competition (Final Round)
• 2020, 🏆 Champion, 4th X-NUCA Cybersecurity Competition (Final Round)
• 2020, 🏆 Champion, 13th National College Student Information Security Contest (Final Round)
• 2020, 🏆 Champion, 4th Hangzhou Cybersecurity Skills Competition (Final Round)
• 2019, 🏆 Champion, 3rd X-NUCA Cybersecurity Competition (Final Round)
• 2019, 🥈 Runner-up, 5th XCTF International League (Final Round)
• 2019, 🥈 Runner-up, 1st OGeek Cup Cybersecurity Competition (Final Round)
• 2019, 🏆 Champion, 3rd Tencent RisingStar Cybersecurity Competition (Final Round)
• 2019, 🏆 Champion, 3rd Hangzhou Cybersecurity Skills Competition (Final Round)
• 2018, 🏆 Champion, 2nd Hangzhou Cybersecurity Skills Competition (Final Round)

👨‍💻 Services

Journal Reviewing

• TIFS IEEE Transactions on Information Forensics and Security

• TDSC IEEE Transactions on Dependable and Secure Computing

• TNET IEEE Transactions on Networking

• TOPS ACM Transactions on Privacy and Security

Conference Reviewing

Program Committee Member

• 2027: AsiaCCS

Sub-Reviewer

• 2026：WWW, DSN, IWQoS, ACISP, AsiaCCS
• 2025：INFOCOM, IWQoS, ISSRE, ESORICS, ISSCC, AsiaCCS, ICICS
• 2024：USENIX Security, NDSS, CCS
• 2023：USENIX Security, IEEE S&P, NDSS
• 2022：USENIX Security, IEEE S&P, WWW, ESORICS, AsiaCCS