I am an assistant professor in the Computer Science & Engineering Department of the University of Minnesota--Twin Cities. I earned my Ph.D. in Computer Science from Georgia Tech in 2017.
My research strives to help users automatically uncover and address security problems, and to harden widely used systems while preserving their reliability and efficiency. I have developed multiple systems and tools that prevent advanced attacks, eliminate vulnerabilities, and detect privacy leaks. My work has resulted in many updates in popular systems such as the Linux kernel, the Android OS, and Apple’s iOS.
I'm looking for Ph.D. students, a postdoc, and visiting students. If you are interested in systems and security, please feel free to contact me! See details.
For efficiency and flexibility purposes, widely used software systems such as operating systems and web servers are implemented in unsafe programming languages, and system designers often prioritize performance over security. As a result, these systems inherently suffer from a variety of vulnerabilities and insecure designs that have been exploited by adversaries to launch critical system attacks. System attacks constitute a major threat to our cyber world. The past several years have continuously witnessed critical system attacks targeting systems belonging to individuals, enterprises, and government agencies.
My research aims to secure widely used software systems in an automated and practical manner: to help users automatically uncover and address security problems without requiring manual effort, and to protect widely used systems (e.g., the Linux kernel) while preserving their reliability and efficiency. I have worked towards my research goal in the following directions:
Hardening software systems
- Bunshin enables different and even conflicting security mechanisms to be combined to secure a program while reducing the execution slowdown, using N-version programming.
- UniSan eliminates the most common information-leak vulnerabilities is OS kernels.
- ASLR-Guard and RuntimeASLR harden programs to prevent code-pointers leaks, using compiler techniques and dynamic instrumentation.
- DFI protects data-flow integrity for critical data in OS kernels.
- Deadline formally defines double-fetch bugs in OS kernels, and precisely and efficiently detects them using static program analysis and symbolic execution. We found 24 new double-fetch bugs in OS kernels.
- Target spraying reliably exploits uninitialized-use vulnerabilities by employing tailored symbolic execution and guided fuzzing.
- Jekyll uncovers insecurity with Apple's code signing and app review mechanisms, leading Apple to harden iOS.
- AAPL employs enhanced data-flow analysis and peer-voting to detect suspicous privacy leaks in Android apps.
- SUPOR automatically infers sensitive user inputs on a large scale.
- Spring 2018: CSCI 8980: Topics in Systems Security
|Assistant Professor||University of Minnesota, Minneapolis||2017.8 - Present|
|Visiting Scholar||MPI-SWS & CISPA, Saarland University, Saarbrücken, Germany||2016.5 - 2016.8|
|Visiting Scholar||MPI-SWS & CISPA, Saarland University, Saarbrücken, Germany||2015.5 - 2015.8|
|Research Intern||Samsung Research America, Santa Clara||2014.5 - 2014.8|
|Research Intern||NEC Labs America, Princeton||2013.5 - 2013.8|
|Research Assistant||Georgia Institute of Technology, Atlanta||2012.8 - 2017.8|
|Research Engineer||Singapore Management University, Singapore||2011.11 - 2012.6|
|Research Assistant||Singapore Management University, Singapore||2010.7 - 2011.8|
|Research Assistant||Peking University, Beijing, China||2009.9 - 2010.7|
- The 13th ACM Asia Conference on Computer and Communications Security (AsiaCCS '18)
- The 27th USENIX Security Symposium (USENIX Security '18)
Reported Vulnerabilities (Selected)
tipc: stack object link_info in tipc_nl_compat_link_dump() is disclosed
without being properly initialized, causing kernel infoleak of up to 60
CVE-2016-4569: x25: stack object dte_facilities in x25_negotiate_facilities() is disclosed without being initialized, causing kernel infoleak of up to 8 bytes.
CVE-2016-4578: ASLA: Two Linux kernel information leak vulnerabilities in timer.c; each can leak 8 bytes.
CVE-2016-4569: ASLA: a Linux kernel information leak vulnerability in timer (stack object tread).
CVE-2016-4486: netlink: an uninitialized data leak in linux kernel (stack object map in net/core/rtnetlink.c).
CVE-2016-4482: usb: an uninitialized data leak in linux kernel (stack object ci in drivers/usb/core/devio.c).
CVE-2016-4485: llc: an uninitialized data leak in linux kernel (stack object info in file net/llc/af_llc.c).
CVE-2016-5244: rds: stack object minfo in net/rds/recv.c is disclosed without being fully initialized, causing 1 byte kernel infoleak.
Link: wireless: the whole array mac_addr may be sent out without initialization. This can cause a kernel infoleak of 6 bytes.