I am an assistant professor in the Computer Science & Engineering
Department of the University of Minnesota--Twin Cities.
I research and teach systems security. My primary research lies at
the intersection of security, operating systems, program analysis,
and compilers. My research also occasionally involves machine
learning and computer architecture.
I earned my Ph.D. in Computer Science from Georgia Tech in 2017.
I'm looking for Ph.D. students, a postdoc, and visiting students.
If you are interested in systems and security, please feel free to
contact me! Seedetails.
News
[06/29/2020] Our paper studying the new security risks of Docker Hub, sensitive commands, massive unpatched vulnerabilities, and malware, is to appear in ESORICS'20.
[03/30/2020] Congrats to Aditya for his paper conditionally accepted to ACM CCS'20! This paper shows how exaggerated (excessive) error handling causes kernel and process crashing, and detects it with context-aware analysis.
[03/04/2020] SEIMI accepted to Oakland'20! It securely runs user code in kernel mode (ring 0) using virtualization techniques.
[02/21/2020] Our fuzzing work got accepted to USENIX Security'20! Using a new context-sensitive fault-injection technique, we are able to effectively fuzz-test error-handling code that is largely missed by current fuzzing. Many new bugs were found in well-tested programs like OpenSSL.
[02/15/2020] Our work on flexible and efficient memory protection for SGX got accepted to EuroSys'20! It uses only three bound registers to maintain six memory regions with different permissions.
[02/02/2020] Our paper on precisely determining security bugs using conservative symbolic rule comparison has been accepted to NDSS'20
[11/26/2019] Will join the program committee of ACM CCS'20
[11/13/2019] Honored to receive The Best Paper Award from ACM CCS 2019!
[07/30/2019] Got one paper that soundly and precisely identifies indirect-call targets in large programs accepted to ACM CCS'19
[07/07/2019] My proposal on checking security checks in OS kernels has been recommended for funding. Thanks NSF!
...
Research
My research aims to secure widely used system and foundational
software, such as OS kernels and compilers, in a principled and
practical manner---to discover new classes of vulnerabilities and
threats, to detect security bugs, and to protect software systems
from attacks. While actively discovering security issues with
empirical analysis, I strive to ensure that the proposed detection and
defense techniques are sharp and generic.
My work has resulted in many updates in popular systems such as the
Linux kernel, the Android OS, and Apple’s iOS. Specifically, I have
been working towards my research goals in the following directions.
Building-block development for software security
Program analysis: Indirect-call analysis, alias analysis
Defense: Intra-process isolation, control- and data-flow integrity
Concurrency bugs, memory disclosures, and side channels
System hardening against runtime attacks
Memory safety, control-flow integrity, (re-)randomization,
execute-only memory (in SGX)
Publications
Exaggerated Error Handling Hurts! An In-Depth Study and Context-Aware Detection [PDF] Aditya Pakki, and Kangjie Lu. To appear in Proceedings of the 27th ACM Conference on Computer and Communications Security (CCS'20). Orlando, FL, November 2020.
Understanding the Security Risks of Docker Hub [PDF] Peiyu Liu, Shouling Ji, Lirong Fu, Kangjie Lu, Xuhong Zhang, Wei-Han Lee, Tao Lu, Wenzhi Chen, and Raheem Beyah. To appear in Proceedings of the 25th European Symposium on Research in Computer Security (ESORICS'20). Guildford, UK, September 2020.
Fuzzing Error Handling Code using Context-Sensitive Software Fault Injection [PDF] Zu-Ming Jiang, Jia-Ju Bai, Kangjie Lu, and Shi-Min Hu. To appear in Proceedings of the 29th USENIX Security Symposium (Security'20). Boston, MA, August 2020.
SEIMI: Efficient and Secure SMAP-Enabled Intra-process Memory Isolation [PDF] Zhe Wang, Chenggang Wu, Mengyao Xie, Yinqian Zhang, Kangjie Lu, Xiaofeng Zhang, Yuanming Lai, Yan Kang, and Min Yang. In Proceedings of the 41st IEEE Symposium on Security and Privacy (Oakland'20). San Francisco, CA, May 2020.
MPTEE: Bringing Flexible and Efficient Memory Protection to Intel SGX [PDF] Wenjia Zhao, Kangjie Lu, and Yong Qi. In Proceedings of the 15th European Conference on Computer Systems (EuroSys'20). Crete, Greece, April 2020.
Precisely Characterizing Security Impact in a Flood of Patches via Symbolic Rule Comparison [PDF] Qiushi Wu, Yang He, Stephen McCamant, and Kangjie Lu. In Proceedings of the 2020 Annual Network and Distributed System Security Symposium (NDSS'20). San Diego, CA, February 2020.
Where Does It Go? Refining Indirect-Call Targets with Multi-Layer Type Analysis [PDF] Kangjie Lu, and Hong Hu. In Proceedings of the 26th ACM Conference on Computer and Communications Security (CCS'19). London, UK, November 2019. ★ Best Paper Award (1/947)
Automatically Identifying Security Checks for Detecting Kernel Semantic Bugs [PDF | Code] Kangjie Lu, Aditya Pakki, and Qiushi Wu. In Proceedings of the 24th European Symposium on Research in Computer Security (ESORICS'19). Luxembourg, September 2019.
Detecting Missing-Check Bugs via Semantic- and Context-Aware Criticalness and Constraints Inferences [PDF | Code] Kangjie Lu, Aditya Pakki, and Qiushi Wu. In Proceedings of the 28th USENIX Security Symposium (Security'19). Santa Clara, CA, August 2019.
Stopping Memory Disclosures via Diversification and Replicated Execution [PDF] Kangjie Lu, Meng Xu, Chengyu Song, Taesoo Kim, and Wenke Lee. IEEE Transactions on Dependable and Secure Computing (TDSC'18), October 2018.
Check it Again: Detecting Lacking-Recheck Bugs in OS Kernels [PDF | Code] Wenwen Wang, Kangjie Lu, and Pen-Chung Yew. In Proceedings of the 25th ACM Conference on Computer and Communications Security (CCS'18). Toronto, Canada, October 2018.
Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels [PDF] Meng Xu, Chenxiong Qian, Kangjie Lu, Michael Backes, and Taesoo Kim. In Proceedings of the 39th IEEE Symposium on Security and Privacy (Oakland'18). San Francisco, CA, May 2018.
Bunshin: Compositing Security Mechanisms through Diversification [PDF] Meng Xu, Kangjie Lu, Taesoo Kim, and Wenke Lee. In Proceedings of the 2017 USENIX Annual Technical Conference (ATC'17). Santa Clara, CA, July 2017.
Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying [PDF] Kangjie Lu, Marie-Therese Walter, David Pfaff, Stefan Nürnberger, Wenke Lee, and Michael Backes. In Proceedings of the 2017 Annual Network and Distributed System Security Symposium (NDSS'17). San Diego, CA, February 2017.
UniSan: Proactive Kernel Memory Initialization to Eliminate Data Leakages [PDF | Page | Code] Kangjie Lu, Chengyu Song, Taesoo Kim, and Wenke Lee. In Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS'16). Vienna, Austria, October 2016.
Toward Engineering a Secure Android Ecosystem: A Survey of Existing Techniques [PDF] Meng Xu, Chengyu Song, Yang ji, Ming-Wei Shih, Kangjie Lu, Cong Zheng, Ruian Duan, Yeongjin Jang, Byoungyoung Lee, Chenxiong Qian, Sangho Lee, , and Taesoo Kim. ACM Computing Surveys (CSUR'16) 49(2), August 2016.
How to Make ASLR Win the Clone Wars: Runtime Re-Randomization [PDF | Code | Demo] Kangjie Lu, Stefan Nürnberger, Michael Backes, and Wenke Lee. In Proceedings of the 2016 Annual Network and Distributed System Security Symposium (NDSS'16). San Diego, CA, February 2016.
Enforcing Kernel Security Invariants with Data Flow Integrity [PDF] Chengyu Song, Byoungyoung Lee, Kangjie Lu, William R. Harris, Taesoo Kim, and Wenke Lee. In Proceedings of the 2016 Annual Network and Distributed System Security Symposium (NDSS'16). San Diego, CA, February 2016.
ASLR-Guard: Stopping Address Space Leakage for Code Reuse Attacks [PDF | Page | Code] Kangjie Lu, Chengyu Song, Byoungyoung Lee, Simon P. Chung, Taesoo Kim, and Wenke Lee. In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS'15). Denver, Colorado, October 2015.
SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps [PDF] Jianjun Huang, Zhichun Li, Xusheng Xiao, Zhenyu Wu, Kangjie Lu, Xiangyu Zhang, and Guofei Jiang. In Proceedings of the 24th USENIX Security Symposium (Security'15). Washington, DC, August 2015.
Software Watermarking using Return-Oriented Programming [PDF] Haoyu Ma, Kangjie Lu, Xinjie Ma, Haining Zhang, Chunfu Jia, and Debin Gao. In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS'15). Singapore, April–June 2015.
Checking more and alerting less: Detecting privacy leakages via enhanced data-flow analysis and peer voting [PDF] Kangjie Lu, Zhichun Li, Vasileios Kemerlis, Zhenyu Wu, Long Lu, Cong Zheng, Zhiyun Qian, Wenke Lee, and Guofei Jiang. In Proceedings of the 2015 Annual Network and Distributed System Security Symposium (NDSS'15). San Diego, CA, February 2015.
RopSteg: Program Steganography with Return Oriented Programming [PDF] Kangjie Lu, Siyang Xiong, and Debin Gao. In Proceedings of the 4th ACM Conference on Data and Application Security and Privacy (CODASPY'14). San Antonio, Texas, USA, March 2014.
Jekyll on iOS: When Benign Apps Become Evil [PDF] Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee. In Proceedings of the 22th USENIX Security Symposium (Security'13). Washington, DC, August 2013.
deRop: Removing Return-Oriented Programming from Malware [PDF] Kangjie Lu, Dabi Zou, Weiping Wen, and Debin Gao. In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC'11). Orlando, Florida, USA, December 2011.
Packed, Printable, and Polymorphic Return-Oriented Programming [PDF] Kangjie Lu, Dabi Zou, Weiping Wen, and Debin Gao. In Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (RAID'11). Menlo Park, California, USA, September 2011.
