Hang Zhang
My research focuses on security analysis and vulnerability discovery in complex yet essential software systems (e.g., operating systems). Due to the modern world's heavy dependence on software, timely pinpointing and understanding of its security flaws is critical. However, it remains a significant challenge to automate this process, especially for intricate tasks such as discovering subtle vulnerabilities in a large code base. I set a critical goal for my research: to systematically and automatically reason about software for security loopholes. Following this direction, I have discovered and investigated real-world security issues [12, 13, 1], and developed techniques to automatically and accurately pinpoint known-but-unpatched vulnerabilities [11, 14] and unknown complex vulnerabilities of certain types [10]. My past work spans different software layers (e.g., source code, IR, and binary), explores diverse techniques (e.g., both static and dynamic program analysis), and covers various vulnerability categories (e.g., both known and unknown, including multiple types such as memory corruption, denial-of-service, and information leak). My research has led to multiple papers published in top venues in related areas (e.g., ACM CCS, USENIX Security, ACM ICSE), open-source tools attracting interest from and applied in both academia and industry, and various discovered vulnerabilities fixed, acknowledged, and sometimes bountied by the community.