Ruining Yang
About Me
I am a third-year Ph.D. student in Computer Science at Stony Brook University, where I am a member of the PragSec Lab and advised by Prof. Nick Nikiforakis. My research is in systems and network security, with a focus on the security of Infrastructure as Code (IaC), software supply chains, and credential leakage in the wild.
I build measurement studies and tools that uncover how attackers abuse trust in modern infrastructure tooling, and how secrets exposed in public repositories are discovered and weaponized.
Research Interests
- Infrastructure as Code security: residual trust, remote-reference hijacking, security hardening adoption
- Software supply chain security: dependency and remote-reference attack surfaces
- Credential leakage measurement: honeypots, honeytokens, and attacker behavior in the wild
News
- [Jun. 2026] Our paper on security hardening adoption in Infrastructure as Code is accepted to PST 2026.
- [Jun. 2026] I am presenting DependoScope at ACM CODASPY 2026 in Frankfurt.
Publications
-
International Conference on Privacy, Security and Trust (PST), 2026.
-
ACM Conference on Data and Application Security and Privacy (CODASPY), 2026.
Services
Artifact Evaluation Committee
IEEE Symposium on Security and Privacy (S&P) 2026 Privacy Enhancing Technologies Symposium (PETS / PoPETs) 2026
Powered by Jekyll and Minimal Light theme.