Header image
Thousand Palms Oasis, Copyright © Zhihao Yao 2019

Zhihao "Zephyr" Yao

Computer Science Department
University of California, Irvine
Email: z dot yao at uci dot edu
Office: Donald Bren Hall 3231

I am a sixth-year Ph.D. candidate in the Department of Computer Science at UC Irvine, advised by Prof. Ardalan Amiri Sani.
I received my B.S. cum laude from UC Irvine. I am broadly interested in mobile computing and operating systems, with a focus on system security.


GLeeFuzz: Fuzzing WebGL Through Error Message Guided Mutation
Hui Peng, Zhihao Yao, Ardalan Amiri Sani, Dave (Jing) Tian, Mathias Payer
accepted to USENIX Security, August 2023.

A Personal Computer for a Distrustful World
Zhihao Yao, Seyed Mohammadjavad Seyed Talebi, Mingyi Chen, Ardalan Amiri Sani, Thomas Anderson
Technical Report 2022-03-15, University of California, Irvine, March 2022.

Undo Workarounds for Kernel Bugs
Seyed Mohammadjavad Seyed Talebi, Zhihao Yao, Ardalan Amiri Sani, Zhiyun Qian, Daniel Austin
in Proc. USENIX Security, August 2021.
(acceptance rate: 19.0%=246/1295)
(paper) ( slides ) (source code)

Milkomeda: Safeguarding the Mobile GPU Interface Using WebGL Security Checks
Zhihao Yao, Saeed Mirzamohammadi, Ardalan Amiri Sani, Mathias Payer
in Proc. ACM Conference on Computer and Communications Security (CCS), October 2018.
(acceptance rate: 16.6%=134/809)
(paper) (talk) (source code) (blog)

Sugar: Secure GPU Acceleration in Web Browsers
Zhihao Yao, Zongheng Ma, Yingtong Liu, Ardalan Amiri Sani, Aparna Chandramowlishwaran
in Proc. ACM Int. Conf. Architectural Support for Programming Languages and Operating Systems (ASPLOS), March 2018.
(acceptance rate 17.5%= 56/319)
(paper) (slides) (source code) (WebGL bugs study)

Professional Experience

Sep 2017 - Present, University of California, Irvine, Research Assistant

Jun 2018 - Mar 2019, Microsoft Research, Research Intern & Remote collaboration

Aug 2016 - Sep 2016, Compacta International Ltd., Engineering Intern

Jun 2014 - Mar 2017, California Plug Load Research Center at UC Irvine, Undergraduate Research Assistant


ACM HotMobile 2023, Local Arrangement Chair

ACM EuroSys 2022, Artifact Evaluation Committee Member

International Science and Engineering Fair (ISEF) 2022, Grand Award Judge

ACM SOSP 2021, Artifact Evaluation Committee Member

ACM MobiSys 2021, Virtual Arrangements & Student Session Co-Chair

International Science and Engineering Fair (ISEF) 2021, Grand Award Judge

International Science and Engineering Fair (ISEF) 2014, Translator

Responsible Vulnerability Disclosures
CVE-2019-10520, CVSSv3 Medium, Memory bug in multiple Snapdragon device drivers (Acknowledgment).
CVE-2019-10547, CVSSv3 High, Memory bug in the kernel-mode Ion driver (Acknowledgment).


Hobby Aug 14, 2021. Accelerate WebGL with IPFS (won Third Place at Browsers 3000)

System Feb 29, 2020. Kernel code reading notes: timer tick handling

System Jan 7, 2020. Kernel code reading notes: softirq implementation

System Nov 23, 2019. Kernel code reading notes: exit syscall

System Nov 10, 2019. Kernel code reading notes: fork/clone syscall

FPGA Sep 11, 2019. Xilinx ZCU102 FPGA Board debug notes

System Feb 21, 2019. Immortal Android Applications | Construct unprivileged applications that can never be killed by Linux out-of-memory(oom) killer

System Mar 7, 2018. WebGL Bugs Study (research artifact of our ASPLOS'18 paper)

Tools Feb 15, 2018, Diffbot (a repository clean up tool)