About Me
I’m Tianyi Li, a blockchain security engineer at CertiK.
Previous to that, I was a senior security engineer at Antgroup, designed and implemented high performance MPC computation system.
I received my Bachelor and Master degree at Wangxuan Institute of Computer Technology (WICT) of Peking University (PKU). My research includes browser fingerprinting and it’s detection techniques. I also worked on web security, privacy enhancing technologies and program (JavaScript and linux binary) analysis. I was a member of CTF team r3kapig (ID: n0b0dy), and I mainly focus on web challenges.
I’m interested in music. I have participated in the rehearsal of the PKU EECS chorus competition for 7 years (link), and I sing as Base in the choir. I’m also interested in Chinese opera.
Contact
- Email: contact [AT] litianyi.site
- Github: https://github.com/n0b0dyCN
Work Experience
- 2023.5 - present, Blockchain Security Engineer @ CertiK
- 2021.7 - 2023.5, Senior Security Engineer @ Antgroup
- Develop distributed and fast MPC engine (TECC) from scratch
- Design & implement distributed data analysis framework from scratch
- Tech Stack: Rust, PURE C, Python, Intel SGX with Occlum, a little bit Java
- Patents involved (first author): CN114726514A, CN114692060A
- Patents involved (other): CN114726512A, CN114726511A, CN114726580A, CN114003962A, CN113992439A, CN113987554A
- Public available resources: TECC white paper, TECC in WAIC 2022
Education
- 2018 - 2021, Peking University (PKU)
- Wangxuan Institute of Computer Technology (WICT)
- Master of Science in Computer Application Technology
- 2014 - 2018, Peking University (PKU)
- School of Electronics Engineering and Computer Science (EECS)
- Bachelor of Science in Computer Science and Technology
Research Interest
- Web Security & Privacy (Vulnerabilities, User Tracking, Web/Internet Measurement)
- Dynamic and Static Program Analysis (JavaScript, Binary)
- Trusted Execution Environment (Intel SGX)
Projects
- gbdt-rs: A fast and secure GBDT library, supporting TEEs such as Intel SGX and ARM TrustZone
- Redis Rogue Server: Redis <= 5.0.5 RCE exploit
Publications
- FPFlow: Detect and Prevent Browser Fingerprinting with Dynamic Taint AnalysisTianyi Li, Xiaofeng Zheng, Kaiwen Shen, Xinhui Han[S&P POSTER] Security & Privacy IEEE, 2021[CCSAC] China Cyber Security Annual Conference, 2021[Patent] 基于V8引擎的JavaScript动态污点跟踪方法及电子装置 [CN112199274A]poster abstract, paper
- From Exposed to Exploited: Drawing the Picture of Industrial Control Systems Security Status in the Internet AgeYixiong Wu, Jianwei Zhuge, Tingting Yin, Tianyi Li, Junmin Zhu, Guannan Guo, Yue Liu and Jianju Hu[ICISSP] International Conference on Information Systems Security and Privacy, 2021pdf
- Poster: gbdt-rs: Fast and Trustworthy Gradient Boosting Decision TreeTianyi Li, Tongxin Li, Yu Ding, Yulong Zhang, Tao Wei, Xinhui Han[S&P POSTER] Security & Privacy IEEE, 2019pdf, code
- POSTER: PT-DBG: Automatically anti-debugging bypassing based on Intel Processor TraceGuancheng Li, Yongheng Chen, Tianyi Li, Tongxin Li, Xinfeng Wu, Chao Zhang, Xinhui Han[S&P POSTER] Security & Privacy IEEE, 2018pdf
Patents
- Dynamic JavaScript taint analysis: CN112199274A
- Multiparty computation algorithms: CN114726514A, CN114692060A
- Multiparty computation system design: CN114726512A, CN114726511A, CN114726580A, CN114003962A, CN113992439A, CN113987554A