Recently, the College of Computer Science has won two Distinguished Paper Awards at two of the top conferences in cybersecurity, highlighting the team’s deep expertise and original innovation in areas such as AI security and system security. These achievements have made a significant international impact.

NDSS 2026 Distinguished Paper Award

Conference Overview
NDSS, the Network and Distributed System Symposium, is a premier conference on network and distributed system security organized by ISOC. Since its inception in 1993, it has been held annually for over 30 years. NDSS, together with IEEE S&P, CCS, and Usenix Security, forms the “Big Four” conferences in cybersecurity and is also classified as an A-level conference by the China Computer Federation (CCF). This year, competition was especially fierce, with 1,481 submissions received and only 265 high-quality papers accepted, resulting in an overall acceptance rate of 17.89%.

Paper Overview
Peering Inside the Black-Box: Long-Range and Scalable Model Architecture Snooping via GPU Electromagnetic Side-Channel
This research focuses on hardware security in AI systems. Targeting GPUs, the core computing engine of AI, the team proposed a physical side-channel attack method called ModelSpy. By capturing electromagnetic emissions during GPU operation, the team successfully reconstructed and extracted detailed information about deep neural network architectures. Experiments showed that even from a distance, ModelSpy could infer fine-grained model structures, including the number of layers, the type of each layer, and corresponding hyperparameters, achieving 97% accuracy at distances up to 6 meters, even through walls. This work challenges the traditional belief that encryption alone can protect model privacy, exposing real security threats from hardware side-channel leaks.

The dataset and code have been fully open-sourced and received all three Artifact Badges from NDSS.

The paper’s first author is PhD student Xiao Rui (2020 cohort), second author PhD student Feng Sibo (2025 cohort), and corresponding author is Professor Han Jinsong. Full paper: NDSS Paper Link

IEEE S&P 2026 Distinguished Paper Award

Conference Overview
The IEEE Symposium on Security and Privacy (IEEE S&P) is a top-tier international conference in computer security and data privacy, founded in 1980. It is recognized as the leading conference in cybersecurity, also part of the “Big Four” along with NDSS, CCS, and USENIX Security, and is recommended as an A-level conference by the CCF. This year, out of roughly 2,000 submissions worldwide, only 13 papers received the Distinguished Paper Award, with just one paper awarded to a Chinese institution.

Paper Overview
Demystifying and Exploiting ASLR on NVIDIA GPUs
With the rapid growth of large-scale models and deep learning, GPUs have become the core computing backbone for intelligent systems and an emerging target for attacks. NVIDIA GPUs incorporate Address Space Layout Randomization (ASLR) to enhance security. However, unlike CPU ASLR, GPU ASLR’s design, security boundaries, and effectiveness have remained largely unexplored. This study provides the first systematic, comprehensive security analysis of NVIDIA GPU ASLR. The research not only reverse-engineered the GPU virtual address space layout but also uncovered several previously unknown ASLR design flaws. The team constructed attacks demonstrating that these flaws could compromise GPU–CPU security boundaries and even weaken CPU-side ASLR protections, revealing profound implications for overall system security.

The first author is PhD student Zhu Ruofan (2022 cohort), with corresponding author Associate Professor Shen Wenbo. This research was a collaborative effort between Zhejiang University, University of Rochester (USA), and Nanyang Technological University (Singapore). Full paper: PDF Link