Yufan You 游宇凡

About

My name is Yufan You (pronounced “Yoo-fahn Yoh”). I am an undergraduate student at Tsinghua University, graduating in July. I will continue at Tsinghua as a graduate student under the supervision of Prof. Jianjun Chen.

My research focuses on Network, Protocol, and Web Security. I am particularly interested in identifying and mitigating vulnerabilities arising from parser differentials and semantic gaps between protocol implementations.

Besides network security research, I also enjoy solving CTF challenges, Web development (e.g., the page you are visiting), and programming in Rust with Neovim on Arch Linux.

Receiving the third-place award at SECCON CTF 13 International Finals in 2025.3

Publications

  • My ZIP isn’t your ZIP: Identifying and Exploiting Semantic Gaps Between ZIP Parsers

    1. Yufan You
    2. Jianjun Chen
    3. Qi Wang
    4. Haixin Duan
    34th USENIX Security Symposium

    We discovered semantic gaps across 50 ZIP parsers, where different parsers read different contents from the same ZIP file. We provided root-cause analysis and real-world exploitation scenarios. Our findings were assigned 3 CVEs and rewarded by Gmail, Coremail, and Zoho.

    To appear
    BibTeX
    @inproceedings{youMyZIPisnt2025,
      author = {Yufan You and Jianjun Chen and Qi Wang and Haixin Duan},
      title = {{My ZIP isn’t your ZIP: Identifying and Exploiting Semantic Gaps Between ZIP Parsers}},
      booktitle = {34th USENIX Security Symposium},
      address = {Seattle, WA},
      publisher = {USENIX Association},
      year = {2025},
      month = aug,
      day = {13}
    }

Projects

Selected miscellaneous projects
  • Design of the bitmap allocator

    Formal Verification for Operating System Memory Components

    Using the Verus tool for verifying low-level Rust code, I built a simple verified memory allocator for ArceOS and adapted a page table from earlier work to compose an operating system with verified memory components.

    Code
    Spring 2024
  • Playing Minecraft on LAN through our own routers

    Hardware IPv6 Router and RISC-V CPU on FPGA

    I worked with two teammates to build an IPv6 router on an FPGA board. We used SystemVerilog to implement basic neighbor discovery and packet forwarding. We also built a RISC-V CPU on the FPGA to run software that implements the RIPng routing protocol and maintains a tree-based data structure for efficient forwarding table lookups. The software communicates with the hardware to update and manage forwarding decisions in real time.

    Code
    Fall 2023
  • Playing the Dino game

    Motion-Controlled Chrome Dino Game on FPGA (“Dino Fit Adventure”)

    My teammate and I implemented a motion-controlled version of the Chrome Dino game on FPGA. We faithfully recreated the original graphics and gameplay mechanics, allowing players to control the T-Rex by physically jumping or crouching. I was responsible for handling sensor input and video output.

    Code | Video
    Spring 2023
  • Screenshot of CP Editor with the classic A+B problem

    CP Editor: IDE for Competitive Programming

    I am one of the lead maintainers of CP Editor, an open-source IDE for competitive programming built with C++ and Qt. It was mainly developed during my high school years, when I was competing in the Olympiad in Informatics. Now it has gained star count stars with a total of download count downloads on GitHub.

    Code
    Since 2019

Awards

  • Third Place in SECCON CTF 13 International Finals (As Blue-Lotus Team Member)
    2025
  • Scholarship for Science and Technology Innovation Excellence, Tsinghua University
    2024
  • Grand Prize in THUCTF 2023 (As Individual, First Place Among 127 Tsinghua Students)
    2023
  • Silver Medal in 37th CCF National Olympiad in Informatics (NOI 2020)
    2020

Services

  • Teaching Assistant of Digital Logic Design (Guide students to design FPGA projects)
    Spring 2025