🧑‍💻 About Me

I am an Research Assistant Professor of Institute for Network Sciences and Cyberspace, Tsinghua University. My research focuses on enhancing the security of critical network infrastructures. I am broadly interested in network security, cellular system security, and data-driven approaches to security. My recent work investigates security vulnerabilities in 4G/5G cellular networks and the Public Key Infrastructure (PKI). Prior to my current position, I was a postdoctoral fellow at Tsinghua University from 2022 to 2024, co-advised by Professor Haixin Duan. I received my Doctoral degree in Computer Science and Technology at Tsinghua in 2022, and my Bachelor degree in Fundamental Science of Mathematics and Physics at Tsinghua in 2017.

📣 Hiring: our group is continuously looking for highly motivated PhD/Master/undergraduate students and research interns, please free to reach out via email (zhangyiming@tsinghua.edu.cn).

I also welcome academic collaborations in any form—please don’t hesitate to get in touch.

🔥 News

  • 2025.08: One paper accpeted by ACM IMC 2025.
  • 2025.07: I will serve as a TPC member of ACM IMC 2026.
  • 2025.05: Two papers accpeted by ACM IMC 2025.
  • 2025.02: Joined the Institute for Network Sciences and Cyberspace at Tsinghua as a faculty.
  • 2024.10: Two papers accpeted by NDSS 2025.

📝 Publications

(*: Equal Contribution; #: Corresponding Author)

2025

  • [Analyzing Compliance and Complications of Integrating Internationalized X.509 Certificates]. Mingming Zhang, Jinfeng Guo, Yiming Zhang#, Shenglin Zhang, Baojun Liu, Hanqing Zhao, Xiang Li, Haixin Duan, ACM IMC 2025 (CCF-B).
  • [Chaos in the Chain: Evaluate Deployment and Construction Compliance of Web PKI Certificate Chain]. Jia Yao, Yiming Zhang#, Baojun Liu#, Zhan Liu, Mingming Zhang, Haixin Duan, ACM IMC 2025 (CCF-B).
  • [Dive into the cloud: Unveiling the (Ab)usage of Serverless Cloud Function in the Wild]. Yijing Liu, Mingxuan Liu, Yiming Zhang#, Baojun Liu#, Jia Zhang, Geng Hong, Haixin Duan, Min Yang, ACM IMC 2025 (CCF-B).
  • NOKEScam: Understanding and Rectifying Non-Sense Keywords Spear Scam in Search Engines. Mingxuan Liu, Yunyi Zhang, Lijie Wu, Baojun Liu, Geng Hong, Yiming Zhang, Hui Jiang, Jia Zhang, Haixin Duan, Min Zhang, Wei Guan, Fan Shi, Min Yang. USENIX Security 2025 (CCF-A, Big4).
  • Invade the Walled Garden: Evaluating GTP Security in Cellular Networks. Yiming Zhang, Tao Wan, Yaru Yang, Haixin Duan, Yichen Wang, Jianjun Chen, Zixiang Wei, Xiang Li, IEEE SP 2025 (CCF-A, Big4).
  • Automatic Insecurity: Exploring Email Auto-configuration in the Wild. Shushang Wen, Yiming Zhang#, Yuxiang Shen, Bingyu Li, Haixin Duan, Jingqiang Lin#, NDSS 2025 (CCF-A, Big4).
  • Cross-Origin Web Attacks via HTTP/2 Server Push and Signed HTTP Exchange. Pinji Chen, Jianjun Chen, Mingming Zhang, Qi Wang, Yiming Zhang, Haixin Duan, Mingwei Xu, Haixin Duan, NDSS 2025 (CCF-A, Big4).

2024

Before 2024

🎖 Honors and Awards

  • 2022, Shuimu Tsinghua Scholar, Tsinghua University.
  • 2022, Outstanding Graduate of Computer Science and Technology, Tsinghua University.
  • 2022, Best Student Paper Award, EthiCS 22 (Euro SP Workshop).
  • 2018, Tsinghua-Samsung Scholarship, Tsinghua University.
  • 2016, National Scholarship.

📖 Educations

  • 2017.08 - 2022.06, Ph.D., Department of Computer Science and Technology, Tsinghua University.
  • 2013.08 - 2017.06, B.Sc., Department of Physics (Fundamental Science of Mathematics and Physics), Tsinghua University.

💬 Invited Talks

  • 2025.06, 5G Security Research, Shenzhen, China.
  • 2025.05, Invade the Walled Garden: Evaluating GTP Security in Cellular Networks (oral presentation at IEEE SP 2025), San Francisco, USA.
  • 2024.08, Into the Dark: Unveiling Internal Site Search Abused for BlackHat SEO (oral presentation at USENIX 2024), Philadelphia, USA.
  • 2024.06, 5G security from a network evolution perspective: practical challenges and research progress, USTC, Hefei, China.
  • 2024.02, Understanding the Implementation and Security Implications of Protective DNS Services (oral presentation at NDSS 2024), San Diego, USA.
  • 2023.05, Security Challenges and Solutions in HTTPS Deployments, APNIC ISIF Project, Beijing, China.
  • 2021.11, Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem (oral presentation at CCS 2021). Online.
  • 2021.06, Ethics in Cybersecurity and Network Measurement Research, Inforsec, Beijing, China.
  • 2020.11, Lies in the Air: Characterizing Fake-base-station Spam Ecosystem in China (oral presentation at CCS 2020). Online.

📝 Services

  • Technical Program Committee, ACM IMC 2026
  • Artificial Evaluate Committee, NDSS 2026
  • Artificial Evaluate Committee, USENIX Security 2025
  • Artificial Evaluate Committee, NDSS 2025
  • Artificial Evaluate Committee, CoNEXT 2023
  • Technical Program Committee, Securecomm 2023