Photo

Mengyuan Li

Assistant Professor [Google Scholar]

Thomas Lord Department of Computer Science
University of Southern California

E-mail: mengyuanli@usc.edu .

About me

Mengyuan Li is an Assistant Professor of Computer Science Department at University of Southern California. Prior to that, he was a postdoc researcher in CSAIL at MIT (2022 - 2024), working with Prof. Mengjia Yan. Mengyuan graduated from  The Ohio State University (OSU) with a Ph.D. in Computer Science and Engineering in 2022, advised by Prof. Yinqian Zhang. Before coming to OSU, he graduated from Shanghai Jiao Tong University (SJTU) with the Bachelor's degree of Electronic Engineering in 2016.


Research Summary

The increasing importance of a trustworthy computing environment signals the dawn of a new era in computer security. My research has focused on the integration of advanced hardware technologies with software systems. This fusion is essential for securing computation and safeguarding data privacy while achieving optimal performance, spanning a range of platforms from personal devices to cloud computing servers. My primary areas of interest include:

Related Research Keywords: Side-channel attacks, Confidential computing, Trusted Execution Environment (TEE), micro-architectural attacks, CPU and GPU security and architecture, program analysis, reverse engineering, software-hardware co-design, etc.


SEPT Lab

I lead the SEPT Lab (SEcurity, Privacy, and Trust), where we focus on cutting-edge research in systems and security. We are actively looking for motivated PhD, MS, and undergraduate students passionate about these fields. Applicants from diverse backgrounds are strongly encouraged to apply. If you're interested in joining us, feel free to reach out via email.


Publication

  • Bridge the Future: High-Performance Networks in Confidential VMs without Trusted I/O devices [arxiv]
    Mengyuan Li, Shashvat Srivastava, Mengjia Yan
    Under Submission.

  • SoK: Understanding Design Choices and Pitfalls of Trusted Execution Environments [pdf]
    Mengyuan Li, Yuheng Yang, Guoxing Chen, Mengjia Yan, Yinqian Zhang
    ACM ASIACCS'24.

  • CipherH: Automated Detection of Ciphertext Side-channel Vulnerabilities in Cryptographic Implementations [pdf]
    Sen Deng, Mengyuan Li, Yining Tang, Shuai Wang, Shoumeng Yan, Yinqian Zhang
    USENIX Security Symposium'23.

  • PWRLEAK: Exploiting Power Reporting Interface for Side-channel Attacks on AMD SEV [pdf]
    Wubing Wang, Mengyuan Li, Yinqian Zhang, Zhiqiang Lin
    20th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2023).
    Security bulletin from AMD [AMD-SB-3004], CVE [CVE-2023-20575]

  • A Systematic Look at Ciphertext Side Channels [pdf]
    Mengyuan Li*, Luca Wilke*, Jan Wichelmann, Thomas Eisenbarth, Radu Teodorescu, Yinqian Zhang
    (*equal contribution)
    IEEE Symposium on Security and Privacy'22. (Acceptance rate: 57/407=14.0%)
    Security bulletin from AMD [AMD-SB-1033], CVE [CVE-2021-46744]
    💥An official [White Paper] from AMD for TEE developers and users to write code in a Ciphertext Side-channel-resistant way.

  • vSGX: Virtualizing SGX Enclaves on AMD SEV [pdf]
    Shixuan Zhao, Mengyuan Li, Yinqian Zhang, Zhiqiang Lin
    IEEE Symposium on Security and Privacy'22. (Acceptance rate: 54/327=15.2%)

  • TLB Poisoning Attacks on AMD Secure Encrypted Virtualization [pdf]
    Mengyuan Li, Yinqian Zhang, Huibo Wang, Kang Li, Yueqiang Chen
    The 2021 Annual Computer Security Applications Conference (ACSAC 2021). (Acceptance rate: 56/326=15.2%)
    Security bulletin from AMD [AMD-SB-1023], CVE [CVE-2021-26340], Announcement from Lenovo, Related Patents from Baidu X-lab[1,2,3]

  • CROSSLINE: Breaking "Security-by-Crash" based Memory Isolation in AMD SEV [pdf] [bib]
    Mengyuan Li, Yinqian Zhang, Zhiqiang Lin
    ACM Conference on Computer and Communications Security'21, Nov. 2021. (Acceptance rate: 196/879=22.3%)
    Best Paper Awards (Runner-Ups) (14/879=1.6%) [plaque][link]

  • CIPHERLEAKS: Breaking Constant-time Cryptography on AMD SEV via the Ciphertext Side Channel [pdf] [bib] [patent]
    Mengyuan Li, Yinqian Zhang, Huibo Wang, Kang Li, Yueqiang Chen
    USENIX Security Symposium'21, Virtual, Aug. 2021. (Website) (Acceptance rate: 248/1319=18.8%)
    AMD filed an embargo for the ciphertext side channel identified in the paper and announced a security bulletin together with a hardware patch for SEV-SNP in August 2021 [CVE-2020-12966]. Related Patents from Baidu Security X-lab[1,2,3]

  • Defeating speculative-execution attacks on SGX with HyperRace [pdf] [bib]
    Guoxing Chen, Mengyuan Li, Fengwei Zhang, Yinqian Zhang
    IEEE Conference on Dependable and Secure Computing'19, Hangzhou, China, Nov. 2021.

  • Exploiting Unprotected I/O Operations in AMD’s Secure Encrypted Virtualization [pdf] [bib]
    Mengyuan Li, Yinqian Zhang, Zhiqiang Lin, Yan Solihin
    USENIX Security Symposium'19, Santa Clara, CA, Aug. 2019. (Acceptance rate: 113/697=16.2%)

  • Peeking Behind the Curtains of Serverless Platforms [pdf] [Github] [bib]
    Liang Wang, Mengyuan Li, Yinqian Zhang, Thomas Ristenpart, Michael Swift
    USENIX ATC'18, Boston, MA, USA, July. 2018. (Acceptance rate: 76/378=20.1%)

  • Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves [pdf] [arxiv] [Github] [bib]
    Yuan Xiao, Mengyuan Li, Sanchuan Chen, Yinqian Zhang
    ACM Conference on Computer and Communications Security'17, Dallas, TX, USA, Oct. 2017. (Acceptance rate: 151/843=17.9%)

  • When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals [pdf] [slides] [bib]
    Mengyuan Li, Yan Meng, Junyi Liu, Haojin Zhu, Xiaohui Liang, Yao Liu, Na Ruan
    ACM Conference on Computer and Communications Security'16, Vienna, Austria, Oct. 2016. (Acceptance rate: 137/831=16.5%)
    ( Demo and Youtube video). Media Coverage: The Register, The TechNews, Techworm, SPIEGEL ONLINE, Silicon, Fossbytes, Bitport

Professional Services

    Program Committee

    • ACM Conference on Computer and Communications Security (CCS) 2024      
    • IEEE European Symposium on Security and Privacy (EuroS&P) 2024      
    • International Conference on Applied Cryptography and Network Security (ACNS) 2023      

    Reviewer

    • IEEE Transactions on Dependable and Secure Computing (TDSC) 2021, 2022, 2023      
    • IEEE Transactions on Parallel and Distributed Systems (TPDS) 2023      
    • IEEE Transactions on Mobile Computing (TMC) 2021, 2022      
    • IEEE/ACM Transactions on Networking (TNET) 2021, 2022      
    • IEEE Transactions on Emerging Topics in Computing (TETCSI) 2022      

    External Reviewer

    • IEEE Symposium on Security and Privacy (Oakland) 2020, 2022, 2023      
    • ACM Conference on Computer and Communications Security (CCS) 2019, 2020, 2022, 2023      
    • USENIX Security Symposium 2021      
    • ISOC Network and Distributed System Security Symposium (NDSS) 2019      
    • ACM Asia Conference on Computer and Communications Security (AsiaCCS) 2020      
    • ACM Cloud Computing Security Workshop (CCSW)2021