I am an assistant professor in the Computer Science & Engineering Department of the University of Minnesota--Twin Cities. I earned my Ph.D. in Computer Science from Georgia Tech in 2017.
My research strives to help users automatically uncover and address security problems, and to harden widely used systems while preserving their reliability and efficiency. I have developed multiple systems and tools that prevent advanced attacks, eliminate vulnerabilities, and detect privacy leaks. My work has resulted in many updates in popular systems such as the Linux kernel, the Android OS, and Apple’s iOS.
I'm looking for Ph.D. students, a postdoc, and visiting students. If you are interested in systems and security, please feel free to contact me! See details.
For efficiency and flexibility, widely used software systems such as operating systems and web servers are implemented in unsafe programming languages, and system designers often prioritize performance over security. As a result, these systems inherently suffer from a variety of vulnerabilities and insecure designs that adversaries have exploited to launch critical system attacks. System attacks constitute a major threat to our cyber world. The past several years have seen a continuous stream of critical system attacks targeting systems belonging to individuals, enterprises, and government agencies.
My research aims to secure widely used software systems in an automated and practical manner: to help users automatically uncover and address security problems without requiring manual effort, and to protect widely used systems (e.g., the Linux kernel) while preserving their reliability and efficiency. I have worked towards my research goal in the following directions.
Enabling precise and scalable whole-kernel analysis
- MLTA precisely identifies indirect-call targets in large programs like kernels and browsers using a new layered type analysis.
- CheQ can infer critical semantics in OS kernels, e.g., custom error codes, error handling, and security checks.
Detecting vulnerabilities and insecure designs
- Crix and CheQ employ cross-checking to find more than 400 new kernel bugs such as missing checks and NULL-pointer dereferences.
- LRSan detects lacking-recheck bugs (a checked variable is further modified before being used). 19 new bugs found.
- Deadline defines and detects double-fetch bugs in OS kernels using both static analysis and symbolic execution. 24 new bugs found.
- Target spraying reliably exploits uninitialized-use vulnerabilities by employing tailored symbolic execution and guided fuzzing.
- Jekyll uncovers insecurity with Apple's code signing and app review mechanisms, leading Apple to harden iOS.
Hardening software systems
- Bunshin enforces different and even conflicting security mechanisms in a program efficiently, using N-version programming.
- UniSan eliminates the most common information-leak vulnerabilities in OS kernels.
- ASLR-Guard and RuntimeASLR harden programs to prevent code-pointer leaks, using compiler techniques and dynamic instrumentation.
- DFI protects data-flow integrity for critical data in OS kernels.
Identifying privacy leaks
- AAPL employs enhanced data-flow analysis and peer-voting to detect suspicious privacy leaks in Android apps.
- SUPOR automatically infers sensitive user inputs on a large scale.
- deROP automatically transforms ROP payloads into traditional attack payloads, facilitating malware analysis.
- Packed ROP, Software Watermarking, and RopSteg transform and obfuscate programs.
- Aditya Pakki (PhD student)
- Qiushi Wu (PhD student)
- Bowen Wang (PhD student)
| Position | Institution | Period |
|---|---|---|
| Assistant Professor | University of Minnesota, Minneapolis | 2017.8 - Present |
| Visiting Scholar | MPI-SWS & CISPA, Saarland University, Saarbrücken, Germany | 2016.5 - 2016.8 |
| Visiting Scholar | MPI-SWS & CISPA, Saarland University, Saarbrücken, Germany | 2015.5 - 2015.8 |
| Research Intern | Samsung Research America, Santa Clara | 2014.5 - 2014.8 |
| Research Intern | NEC Labs America, Princeton | 2013.5 - 2013.8 |
| Research Assistant | Georgia Institute of Technology, Atlanta | 2012.8 - 2017.8 |
| Research Engineer | Singapore Management University, Singapore | 2011.11 - 2012.6 |
| Research Assistant | Singapore Management University, Singapore | 2010.7 - 2011.8 |
| Research Assistant | Peking University, Beijing, China | 2009.9 - 2010.7 |
- ACM Conference on Computer and Communications Security (CCS'18, '19)
- The 27th USENIX Security Symposium (USENIX Security'18)
- The 13th ACM Asia Conference on Computer and Communications Security (AsiaCCS'18)