Staff Security Researcher
Baidu X-Lab, Baidu USA
Sunnyvale, CA 94089, USA
Phone: NDA4LTUwNS0zNjc5Cg==
Email: bob at


Dr. Mingshen Sun (Bob) is a staff security researcher of Baidu X-Lab at Baidu USA. He received his Ph.D. degree in Computer Science and Engineering from The Chinese University of Hong Kong, under the supervision of Prof. John C.S. Lui. He was a member of Advanced Networking and System Research Laboratory (ANSRLab) in CUHK. During the Ph.D. studies, he worked as a research intern in Qihoo 360 with Prof. Xuxian Jiang. Bob also worked in National University of Singapore as a research assistant with Prof. Richard T.B. Ma and Prof. Zhenkai Liang. He leads, maintains and actively contributes to several open source projects.

Research Interests

System Security, Mobile/IoT Security, TEE, and Memory-Safe Programming Language



  1. Huibo Wang, Pei Wang, Yu Ding, Mingshen Sun, Yiming Jing, Ran Duan, Long Li, Yulong Zhang, Tao Wei, and Zhiqiang Lin. Towards Memory Safety for Enclave Programs with Rust-SGX. To appear in the 26th ACM Conference on Computer and Communications Security, CCS '19, London, UK, November, 2019.
  2. Zhuohua Li, Jincheng Wang, Mingshen Sun, and John C.S. Lui. Securing the Device Drivers of Your Embedded Systems: Framework and Prototype. To appear in the 3rd International Workshop on Security and Forensics of IoT (in conjunction with ARES 2019), IoT-SECFOR '19, Canterbury, UK, August 2019.
  3. Mingshen Sun, Tao Wei, and John C.S. Lui. TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime. In Proceedings of the 23rd ACM Conference on Computer and Communications Security, CCS '16, Vienna, Austria, October 2016. (AR: 137/831 = 16.5%)
  4. Mingshen Sun, John C.S. Lui, and Yajin Zhou. Blender: Self-randomizing Address Space Layout for Android Apps. In Proceedings of the 19th International Symposium on Research in Attacks, Intrusions and Defenses, RAID '16, Evry, France, September 2016. (AR: 21/84 = 25%)
  5. Mingshen Sun, Mengmeng Li, and John C.S. Lui. DroidEagle: Seamless Detection of Visually Similar Android Apps. In Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec '15, New York City, USA, June 2015. (AR: 16/83 = 19.2%)
  6. Mingshen Sun, Min Zheng, John C.S. Lui, and Xuxian Jiang. Design and Implementation of an Android Host-based Intrusion Prevention System. In Proceedings of the 30th Annual Computer Security Applications Conference, ACSAC '14, New Orleans, USA, December 2014. (AR: 47/236 = 19.9%)
  7. Min Zheng, Mingshen Sun, and John C.S. Lui. DroidTrace: A Ptrace Based Android Dynamic Analysis System with Forward Execution Capability. In Proceedings of the 10th International Wireless Communications and Mobile Computing Conference, IWCMC '14, Nicosia, Cyprus, August 2014.
  8. Min Zheng, Mingshen Sun, and John C.S. Lui. DroidRay: A Security Evaluation System for Customized Android Firmwares. In Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, ASIACCS '14, Kyoto, Japan, June 2014.
  9. Min Zheng, Mingshen Sun, and John C.S. Lui. DroidAnalytics: A Signature Based Analytic System to Collect, Extract, Analyze and Associate Android Malware. In Proceedings of the 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom '13, Melbourne, Australia, July 2013.


  1. Yang Hu, Mingshen Sun, John C.S. Lui. Exploiting Non-Uniform Program Execution Time to Evade Record/Replay Forensic Analysis. Computers & Security. 0167-4048, 2019
  2. Mingshen Sun, Xiaolei Li, John C.S. Lui, Richard T.B. Ma, and Zhenkai Liang. Monet: A User-oriented Behavior-based Malware Variants Detection System for Android. IEEE Transactions on Information Forensics and Security, TIFS, 12(5), 1103-1112, 2017.


  • MesaTEE: a framework for universal secure computing.
  • Rust OP-TEE TrustZone SDK: enabling safe, functional, and ergonomic development of trustlets.
  • MesaLock Linux: a memory-safe Linux distribution.
  • MesaBox: a collection of core system utilities written in Rust for Unix-like systems.
  • MesaPy: a fast and safe Python implementation based on PyPy with SGX support.
  • RPython by Example: a collection of runnable examples that illustrate various RPython concepts and libraries.
  • YogCrypt: a fast, general purpose crypto library in Rust (supports SM2/SM3/SM4).
  • Pass for iOS: a password manager for iOS (compatible with Password Store).
  • More…



  • Research Assistant, National University of Singapore, June - September 2014
  • Research Internship, Wireless Research Lab, Qihoo 360, June - September 2013

Teaching Assistant

  • CMSC5726 Computer and Network Security, Spring 2014
  • CMSC5702 Parallel and Distributed Systems, Spring 2015
  • CSCI4430 Data Communication and Computer Networks, Spring 2013/2014/2015
  • CSCI3310 Mobile Computing and Application Development, Fall 2012
  • CSCI3150 Introduction to Operating Systems, Fall 2013/2014/2015 & Spring 2016

Selected Awards

  • Student Travel Grant for ACSAC 2014, WiSec 2015, and CCS 2016.
  • The 35th ACM-ICPC Asia Regional Contest, Excellent Award, Harbin, 2010
  • NAPROCK International Programming Contest (Final), International Special Prize, Japan, 2010

Seminars & Talks

Professional Services