I am an assistant professor in the Computer Science & Engineering Department of the University of Minnesota--Twin Cities. I research and teach systems security. My primary research lies at the intersection of security, operating systems, program analysis, and compilers. My research also occasionally involves machine learning and computer architecture. I earned my Ph.D. in Computer Science from Georgia Tech in 2017.
I'm looking for Ph.D. students, a postdoc, and visiting students. If you are interested in systems and security, please feel free to contact me! See details.
- [06/29/2020] Our paper studying the new security risks of Docker Hub, sensitive commands, massive unpatched vulnerabilities, and malware, is to appear in ESORICS'20.
- [03/30/2020] Congrats to Aditya for his paper conditionally accepted to ACM CCS'20! This paper shows how exaggerated (excessive) error handling causes kernel and process crashing, and detects it with context-aware analysis.
- [03/04/2020] SEIMI accepted to Oakland'20! It securely runs user code in kernel mode (ring 0) using virtualization techniques.
- [02/21/2020] Our fuzzing work got accepted to USENIX Security'20! Using a new context-sensitive fault-injection technique, we are able to effectively fuzz-test error-handling code that is largely missed by current fuzzing. Many new bugs were found in well-tested programs like OpenSSL.
- [02/15/2020] Our work on flexible and efficient memory protection for SGX got accepted to EuroSys'20! It uses only three bound registers to maintain six memory regions with different permissions.
- [02/02/2020] Our paper on precisely determining security bugs using conservative symbolic rule comparison has been accepted to NDSS'20
- [11/26/2019] Will join the program committee of ACM CCS'20
- [11/13/2019] Honored to receive The Best Paper Award from ACM CCS 2019!
- [07/30/2019] Got one paper that soundly and precisely identifies indirect-call targets in large programs accepted to ACM CCS'19
- [07/07/2019] My proposal on checking security checks in OS kernels has been recommended for funding. Thanks NSF!
My research aims to secure widely used system and foundational software, such as OS kernels and compilers, in a principled and practical manner---to discover new classes of vulnerabilities and threats, to detect security bugs, and to protect software systems from attacks. While actively discovering security issues with empirical analysis, I strive to ensure that the proposed detection and defense techniques are sharp and generic. My work has resulted in many updates in popular systems such as the Linux kernel, the Android OS, and Apple’s iOS. Specifically, I have been working towards my research goals in the following directions.
- Building-block development for software security
- Program analysis: Indirect-call analysis, alias analysis
- Defense: Intra-process isolation, control- and data-flow integrity
- Whole-kernel analysis for detecting security bugs
- Cross-checking, rule inference, staged symbolic execution, security-check identification, error-handling analysis
- Multi-dimensional and semantic-informed fuzzing
- Timing/concurrency mutation, context-sensitive fault injection (for fuzzing error handling)
- Compiler-bug discovery and secure compilation
- Concurrency bugs, memory disclosures, and side channels
- System hardening against runtime attacks
- Memory safety, control-flow integrity, (re-)randomization, execute-only memory (in SGX)
- PhD students
- Aditya Pakki
- Qiushi Wu
- Dong Bao
- Wenjia Zhao (visiting student from Xi'an Jiaotong)
- Dipanjan Das (visiting student from UCSB)
- Master's students
- Zhengwen Jiang
- Tanglin Zhou
- Undergraduate students
- Joe Numainville
|Assistant Professor||University of Minnesota, Minneapolis||2017.8 - Present|
|Visiting Scholar||MPI-SWS & CISPA, Saarland University, Saarbrücken, Germany||2016.5 - 2016.8|
|Visiting Scholar||MPI-SWS & CISPA, Saarland University, Saarbrücken, Germany||2015.5 - 2015.8|
|Research Intern||Samsung Research America, Santa Clara||2014.5 - 2014.8|
|Research Intern||NEC Labs America, Princeton||2013.5 - 2013.8|
|Research Assistant||Georgia Institute of Technology, Atlanta||2012.8 - 2017.8|
|Research Assistant||Singapore Management University, Singapore||2010.7 - 2012.6|
|Research Assistant||Peking University, Beijing, China||2009.9 - 2010.7|
- ACM Conference on Computer and Communications Security (CCS'18, '19, '20)
- The 27th USENIX Security Symposium (USENIX Security'18)
- The 13th ACM Asia Conference on Computer and Communications Security (AsiaCCS'18)