I’m a Staff Software Engineer and Product Security Lead at Pinterest. I love pinning cats. Follow me on Pinterest:
I earned my PhD in Computer Science and Engineering from the University of Michigan, Ann Arbor. My advisor was Prof. Z. Morley Mao.
Recent Blogs & Talks
- How We Protect Pinners’ Passwords (Pinterest Engineering blog)
- Wins and learns from the integration of reCAPTCHA at Pinterest (BSidesSF’22)
Work Experience
- Product Security, Pinterest (April 2019 – )
- Graduate Research Assistant, Department of Electrical Engineering and Computer Science, University of Michigan. (Aug 2014 – Mar 2019)
- Software Engineer Intern, Facebook. (Jun 2018 – Aug 2018)
- Research Intern, B2B Lab, Samsung Research America. (Jun 2016 – Aug 2016, May 2017 – Aug 2017)
- Research Assistant, Department of Computing, The Hong Kong Polytechnic University. (Oct 2013 – Jul 2014)
Publications
- Yikai Lin, Yuru Shao, Xiao Zhu, Junpeng Guo, Kira Barton, Z. Morley Mao. ADD: Application and Data-Driven Controller Design. SOSR 2019. [Paper]
- Yuru Shao, Ruowen Wang, Xun Chen, Ahmed Azab, Z. Morley Mao. A Lightweight Framework for Fine-Grained Lifecycle Control of Android Applications. EuroSys 2019. [Paper][Slides]
- Mu Zhang, Chien-Ying Chen, Bin-Chou Kao, Yassine Qamsane, Yuru Shao, Yikai Lin, Elaine Shi, Sibin Mohan, Kira Barton, James Moyne, Z. Morley Mao. Towards Automated Safety Vetting of PLC Code in Real-World Plants. Oakland 2019. [Paper]
- Lei Xue, Chenxiong Qian, Hao Zhou, Xiapu Luo, Yajin Zhou, Yuru Shao, Alvin T.S. Chan. NDroid: Towards Tracking Information Flows Across Multiple Android Contexts. IEEE Transactions on Information Forensics & Security (TIFS), March 2019. [Paper]
- Felipe Lopez, Yuru Shao, Z. Morley Mao, James Moyne, Kira Barton, Dawn Tilbury. A Software-Defined Framework for the Integrated Management of Smart Manufacturing Systems. Manufacturing Letters, Vol. 15, Jan. 2018. [Paper]
- Felipe Lopez, Miguel Saez, Yuru Shao, Efe Balta, James Moyne, Morley Mao, Kira Barton, and Dawn Tilbury. Categorization of Anomalies in Smart Manufacturing Systems to Support the Selection of Detection Mechanisms. IEEE Robotics and Automation Letters, Vol. 2, Issue: 4, Oct. 2017. [Paper]
- Yuru Shao, Jason Ott, Yunhan Jia, Zhiyun Qian, and Z. Morley Mao. The Misuse of Android Unix Domain Sockets and Security Implications. CCS 2016. (acceptance rate 16.5% = 137/831) [Paper][Slides]
- Yuru Shao, Jason Ott, Qi Alfred Chen, Zhiyun Qian, and Z. Morley Mao. Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework. NDSS 2016. (acceptance rate 15.4% = 60/389) [Paper][Slides]
- Qi Alfred Chen, Zhiyun Qian, Yunhan Jia, Yuru Shao, and Z. Morley Mao. Static Detection of Packet Injection Vulnerabilities – A Case for Identifying Attacker-controlled Implicit Information Leaks. CCS 2015. [Paper]
- Yuru Shao, Xiapu Luo, Chenxiong Qian. Towards a Salable Resource-driven Approach for Detecting Repackaged Android Applications. ACSAC 2014. [Paper]
- Yuru Shao, Xiapu Luo, Chenxiong Qian. RootGuard: Protecting Rooted Android Phones. IEEE Computer 47(6): 32-40, 2014. (Among the top 10 downloaded articles from the IEEE Computer Society’s Digital Library during 2014) [Paper]
- Lei Xue, Xiapu Luo, Yuru Shao. kTRxer: A Portable Toolkit for Reliable Internet Probing. IWQoS 2014. [Paper]
- Chenxiong Qian, Xiapu Luo, Yuru Shao. NDroid: Tracking Information Leaks through Java Native Interface in Android Apps. DSN 2014. [Paper]
Academic Services
- Journal reviewer
- IEEE Transactions on Information Forensics & Security
- Journal of Information Security and Applications