Ye Wang
Portrait
Logo University of Kansas

I am a final-year PhD candidate in Computer Science at the University of Kansas, advised by Dr. Fengjun Li and Dr. Bo Luo. My research primarily focuses on Physical AI systems and their security. Specifically, I investigate both offensive and defensive techniques for mobile, CPS, and AI-enabled systems. My research interests include:
• Trustworthy ML/AI: Adversarial ML; Prompt injection; AI misinformation and misuse.
• Physical AI: IoT/CPS; Mobile; Wireless Systems; Side and Covert channels
• Communication security: NFC; Optical fiber communication; GPS spoofing.

Before joining KU, I received my B.S. and M.Eng. degrees from Beihang University. After graduation, I worked as a full-time research scientist at the Institute of Information Engineering, Chinese Academy of Sciences.

Curriculum Vitae

News  |  Education  |  Research Experience  |  Honors & Awards  |  Teaching Experience  |  Selected Publications

Google Scholar GitHub LinkedIn ORCID
News
2026
Our paper, 'Side Meets Covert Channels: A Practical Fully Sensor-Driven Attack Chain' has been accepted by ICICS2026!
May 02
I am honored to be selected as a second set of the Laura Bassi Scholarship.
Mar 21
I am honored to be selected as an Internet Society NDSS Fellow (1 of 20 worldwide), which supports my participation in the NDSS Symposium and engagement with the global security research community.
Jan 15
2025
Our paper, 'Beyond Conventional Triggers: Auto-Contextualized Covert Triggers for Android Logic Bombs' has been accepted by NDSS 2026!
Dec 04
I am honored to receive KU's highly competitive Doctoral Student Research Fund, awarded to approximately 30 students annually!
Oct 15
Our Poster 'A novel fully sensor-driven attack chain' has been accepted by ACSAC 2025, which will be presented in Hawaii
Oct 01
Our work, 'Agile: An Effective Laser-Based Physical Adversarial Attack against Face Recognition' has been demonstrated in the AI summit 'Falling into AI' with Google!
Oct 01
2024
I am honored to be awarded the ACM CCS Student Travel Grant and will attend the conference in Salt Lake City.
Sep 04
Our paper, 'The Invisible Polyjuice Potion: an Effective Physical Adversarial Attack against Face Recognition, ' has been accepted by ACM CCS 2024!
May 24
Our work: 'An Effective Physical Adversarial Attack against Face Recognition' is demonstrated in the FBI and KU Cybersecurity Conference.
Apr 04
Education
  • University of Kansas
    University of Kansas
    Department of Electrical Engineering and Computer Science
    Ph.D. Candidate in Computer Science
    Jan. 2020 - present
  • Beihang University
    Beihang University
    School of Instrumentation Science and Optoelectronic Engineering
    M.Eng. in Optical Engineering
    Advisor: Prof. Xiaxiao Wang
    Sep. 2011 - Mar. 2014
  • Beihang University
    Beihang University
    School of Instrumentation Science and Optoelectronic Engineering
    B.S. in Electronic Engineering
    Advisor: Prof. Zhongyi Chu
    Sep. 2007 - Jul. 2011
Research Experience
  • Institute for Information Science (I2S), University of Kansas(KU)
    Institute for Information Science (I2S), University of Kansas(KU)
    Graduate Research Assistant
    Jan. 2020 - present
  • Institute of Information Engineering (IIE), Chinese Academy of Sciences (CAS)
    Institute of Information Engineering (IIE), Chinese Academy of Sciences (CAS)
    Assistant Research Fellow
    Mar. 2014 - Dec. 2019
  • Institute of Optoelectronics Technology, Beihang University
    Institute of Optoelectronics Technology, Beihang University
    Graduate Research Assistant
    Sep. 2011 - Mar. 2014
Selected Honors & Awards
  • NDSS Fellow (1 of 20 worldwide) - Internet Society
    2026
  • Doctoral Student Research Fund Award (30 annually) - KU
    2025
  • DAVID D. and MILDRED H. ROBB AWARD - KU
    2024, 2025
  • ACM CCS Travel Grant Award (about 1 of 30 worldwide) - ACM SIGSAC
    2024
  • Graduate Engineering Association Award - KU
    2024, 2025
  • Graduate Student Travel Fund - KU Student Senate
    2024, 2025
  • The second prize of the Science and Technology Award (ranked 2nd) - MIIT (PRC)
    2019
  • Annual Outstanding Researcher Award (20 out of 690) - IIE, CAS
    2018
  • Annual Outstanding Researcher Award (4 out of 80) - 4th research department, IIE, CAS
    2016
  • Outstanding Master’s Thesis Award - Beihang University
    2014
  • Science and Technology Award - Ministry of Education (PRC)
    2013
  • Graduate Guanghua Scholarship - Beihang University
    2013
  • Outstanding Undergraduate Thesis Award - Beihang University
    2011
Teaching Experience
  • EECS 569 - Computer Forensics
    Fall 2024
  • EECS 565 - Introduction to Information and Computer Security
    Fall 2025, 2024, 2023
  • EECS 447 - Introduction to Database Systems
    Spring 2026, 2024, 2023
  • EECS 268 - Programming II
    Spring 2025
Selected Publications (view all )
Side Meets Covert Channels: A Practical Fully Sensor-Driven Attack Chain.
Side Meets Covert Channels: A Practical Fully Sensor-Driven Attack Chain.

Ye Wang, Yuying Li, Bo Luo, Fengjun Li

International Conference on Information and Communications Security (ICICS)Accepted. 2026

In this paper, we first explore the control plane of sensor-based attacks and leverage a lightweight control protocol to demonstrate the practical feasibility of side-channel and covert-channel attacks on smartphones.

Side Meets Covert Channels: A Practical Fully Sensor-Driven Attack Chain.

Ye Wang, Yuying Li, Bo Luo, Fengjun Li

International Conference on Information and Communications Security (ICICS)Accepted. 2026

In this paper, we first explore the control plane of sensor-based attacks and leverage a lightweight control protocol to demonstrate the practical feasibility of side-channel and covert-channel attacks on smartphones.

Beyond Conventional Triggers: Auto-Contextualized Covert Triggers for Android Logic Bombs
Beyond Conventional Triggers: Auto-Contextualized Covert Triggers for Android Logic Bombs

Ye Wang, Bo Luo, Fengjun Li

Network and Distributed System Security Symposium (NDSS) 2026

In this paper, we present SensorBomb, a logic-bomb framework that violates this assumption by auto-contextualizing triggers within an app’s legitimate sensor usage, actuator behaviors, and functional context, using onboard sensor–actuator covert channels and dynamically adapted trigger patterns to evade analysis, fuzzing, anomaly detection, and user suspicion.

[Paper] [Slides]

Beyond Conventional Triggers: Auto-Contextualized Covert Triggers for Android Logic Bombs

Ye Wang, Bo Luo, Fengjun Li

Network and Distributed System Security Symposium (NDSS) 2026

In this paper, we present SensorBomb, a logic-bomb framework that violates this assumption by auto-contextualizing triggers within an app’s legitimate sensor usage, actuator behaviors, and functional context, using onboard sensor–actuator covert channels and dynamically adapted trigger patterns to evade analysis, fuzzing, anomaly detection, and user suspicion.

[Paper] [Slides]

The Invisible Polyjuice Potion: an Effective Physical Adversarial Attack against Face Recognition
The Invisible Polyjuice Potion: an Effective Physical Adversarial Attack against Face Recognition

Ye Wang, Zeyan Liu, Bo Luo, Rongqing Hui, Fengjun Li

Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security (CCS) 2024

In this paper, we propose a novel physical adversarial attack against deep face recognition systems, namely Agile (Adversarial Glasses with Infrared LasEr). It generates adjustable, invisible laser perturbations and emits them into the camera CMOS to launch dodging and impersonation attacks against facial biometrics systems.

[Paper] [Slides] [Code]

The Invisible Polyjuice Potion: an Effective Physical Adversarial Attack against Face Recognition

Ye Wang, Zeyan Liu, Bo Luo, Rongqing Hui, Fengjun Li

Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security (CCS) 2024

In this paper, we propose a novel physical adversarial attack against deep face recognition systems, namely Agile (Adversarial Glasses with Infrared LasEr). It generates adjustable, invisible laser perturbations and emits them into the camera CMOS to launch dodging and impersonation attacks against facial biometrics systems.

[Paper] [Slides] [Code]

All publications