Kangjie Lu

Assistant Professor

Department of Computer Science & Engineering
University of Minnesota

Office: 5-217 Keller Hall, 200 Union St SE Minneapolis, MN 55455
Email: kjlu@umn.edu

Google scholar | GitHub


I am an assistant professor in the Computer Science & Engineering Department of the University of Minnesota--Twin Cities. I research and teach systems security. My primary research lies at the intersection of security, operating systems, program analysis, and compilers. My research also occasionally involves machine learning and computer architecture. I earned my Ph.D. in Computer Science from Georgia Tech in 2017.

I'm looking for Ph.D. students, a postdoc, and visiting students. If you are interested in systems and security, please feel free to contact me! See details.

News

  • [03/30/2020] Congrats to Aditya for his paper conditionally accepted to ACM CCS'20! This paper shows how exaggerated (excessive) error handling causes kernel and process crashes, and detects it with context-aware analysis.
  • [03/04/2020] SEIMI accepted to Oakland'20! It securely runs user code in kernel mode (ring 0) using virtualization techniques.
  • [02/21/2020] Our fuzzing work got accepted to USENIX Security'20! Using a new context-sensitive fault-injection technique, we are able to effectively fuzz-test error-handling code that is largely missed by current fuzzing. Many new bugs were found in well-tested programs like OpenSSL.
  • [02/15/2020] Our work on flexible and efficient memory protection for SGX got accepted to EuroSys'20! It uses only three bound registers to maintain six memory regions with different permissions.
  • [02/02/2020] Our paper on precisely determining security bugs using conservative symbolic rule comparison has been accepted to NDSS'20
  • [11/26/2019] Will join the program committee of ACM CCS'20
  • [11/13/2019] Honored to receive The Best Paper Award from ACM CCS 2019!
  • [07/30/2019] Got one paper that soundly and precisely identifies indirect-call targets in large programs accepted to ACM CCS'19
  • [07/07/2019] My proposal on checking security checks in OS kernels has been recommended for funding. Thanks NSF!
  • [06/21/2019] We got one paper on identifying security checks and detecting semantic bugs accepted to ESORICS'19
  • ...

Research

My research aims to secure widely used system and foundational software, such as OS kernels and compilers, in a principled and practical manner---to discover new classes of vulnerabilities and threats, to detect security bugs, and to protect software systems from attacks. While actively discovering security issues with empirical analysis, I strive to ensure that the proposed detection and defense techniques are sharp and generic. My work has resulted in many updates in popular systems such as the Linux kernel, the Android OS, and Apple’s iOS. Specifically, I have been working towards my research goals in the following directions.

  • Building-block development for software security
    • Program analysis: Indirect-call analysis, alias analysis
    • Defense: Intra-process isolation, control- and data-flow integrity
  • Whole-kernel analysis for detecting security bugs
    • Cross-checking, rule inference, staged symbolic execution, security-check identification, error-handling analysis
  • Multi-dimensional and semantic-informed fuzzing
    • Timing/concurrency mutation, context-sensitive fault injection (for fuzzing error handling)
  • Compiler-bug discovery and secure compilation
    • Concurrency bugs, memory disclosures, and side channels
  • System hardening against runtime attacks
    • Memory safety, control-flow integrity, (re-)randomization, execute-only memory (in SGX)

  • Exaggerated Error Handling Hurts! An In-Depth Study and Context-Aware Detection [PDF]
    Aditya Pakki, and Kangjie Lu.
    To appear in Proceedings of the 27th ACM Conference on Computer and Communications Security (CCS'20). Orlando, FL, November 2020.
  • Fuzzing Error Handling Code using Context-Sensitive Software Fault Injection [PDF]
    Zu-Ming Jiang, Jia-Ju Bai, Kangjie Lu, and Shi-Min Hu.
    To appear in Proceedings of the 29th USENIX Security Symposium (Security'20). Boston, MA, August 2020.
  • SEIMI: Efficient and Secure SMAP-Enabled Intra-process Memory Isolation [PDF]
    Zhe Wang, Chenggang Wu, Mengyao Xie, Yinqian Zhang, Kangjie Lu, Xiaofeng Zhang, Yuanming Lai, Yan Kang, and Min Yang.
    To appear in Proceedings of the 41st IEEE Symposium on Security and Privacy (Oakland'20). San Francisco, CA, May 2020.
  • MPTEE: Bringing Flexible and Efficient Memory Protection to Intel SGX [PDF]
    Wenjia Zhao, Kangjie Lu, and Yong Qi.
    To appear in Proceedings of the 15th European Conference on Computer Systems (EuroSys'20). Crete, Greece, April 2020.
  • Precisely Characterizing Security Impact in a Flood of Patches via Symbolic Rule Comparison [PDF]
    Qiushi Wu, Yang He, Stephen McCamant, and Kangjie Lu.
    In Proceedings of the 2020 Annual Network and Distributed System Security Symposium (NDSS'20). San Diego, CA, February 2020.
  • Where Does It Go? Refining Indirect-Call Targets with Multi-Layer Type Analysis [PDF]
    Kangjie Lu, and Hong Hu.
    In Proceedings of the 26th ACM Conference on Computer and Communications Security (CCS'19). London, UK, November 2019.
    ★ Best Paper Award (1/947)
  • Automatically Identifying Security Checks for Detecting Kernel Semantic Bugs [PDF | Code]
    Kangjie Lu, Aditya Pakki, and Qiushi Wu.
    In Proceedings of the 24th European Symposium on Research in Computer Security (ESORICS'19). Luxembourg, September 2019.
  • Detecting Missing-Check Bugs via Semantic- and Context-Aware Criticalness and Constraints Inferences [PDF | Code]
    Kangjie Lu, Aditya Pakki, and Qiushi Wu.
    In Proceedings of the 28th USENIX Security Symposium (Security'19). Santa Clara, CA, August 2019.
  • Stopping Memory Disclosures via Diversification and Replicated Execution [PDF]
    Kangjie Lu, Meng Xu, Chengyu Song, Taesoo Kim, and Wenke Lee.
    IEEE Transactions on Dependable and Secure Computing (TDSC'18), October 2018.
  • Check it Again: Detecting Lacking-Recheck Bugs in OS Kernels [PDF | Code]
    Wenwen Wang, Kangjie Lu, and Pen-Chung Yew.
    In Proceedings of the 25th ACM Conference on Computer and Communications Security (CCS'18). Toronto, Canada, October 2018.
  • Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels [PDF]
    Meng Xu, Chenxiong Qian, Kangjie Lu, Michael Backes, and Taesoo Kim.
    In Proceedings of the 39th IEEE Symposium on Security and Privacy (Oakland'18). San Francisco, CA, May 2018.
  • Bunshin: Compositing Security Mechanisms through Diversification [PDF]
    Meng Xu, Kangjie Lu, Taesoo Kim, and Wenke Lee.
    In Proceedings of the 2017 USENIX Annual Technical Conference (ATC'17). Santa Clara, CA, July 2017.
  • Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying [PDF]
    Kangjie Lu, Marie-Therese Walter, David Pfaff, Stefan Nürnberger, Wenke Lee, and Michael Backes.
    In Proceedings of the 2017 Annual Network and Distributed System Security Symposium (NDSS'17). San Diego, CA, February 2017.
  • UniSan: Proactive Kernel Memory Initialization to Eliminate Data Leakages [PDF | Code | Page]
    Kangjie Lu, Chengyu Song, Taesoo Kim, and Wenke Lee.
    In Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS'16). Vienna, Austria, October 2016.
  • Toward Engineering a Secure Android Ecosystem: A Survey of Existing Techniques [PDF]
    Meng Xu, Chengyu Song, Yang Ji, Ming-Wei Shih, Kangjie Lu, Cong Zheng, Ruian Duan, Yeongjin Jang, Byoungyoung Lee, Chenxiong Qian, Sangho Lee, and Taesoo Kim.
    ACM Computing Surveys (CSUR'16) 49(2), August 2016.
  • How to Make ASLR Win the Clone Wars: Runtime Re-Randomization [PDF | Demo | Code]
    Kangjie Lu, Stefan Nürnberger, Michael Backes, and Wenke Lee.
    In Proceedings of the 2016 Annual Network and Distributed System Security Symposium (NDSS'16). San Diego, CA, February 2016.
  • Enforcing Kernel Security Invariants with Data Flow Integrity [PDF]
    Chengyu Song, Byoungyoung Lee, Kangjie Lu, William R. Harris, Taesoo Kim, and Wenke Lee.
    In Proceedings of the 2016 Annual Network and Distributed System Security Symposium (NDSS'16). San Diego, CA, February 2016.
  • ASLR-Guard: Stopping Address Space Leakage for Code Reuse Attacks [PDF | Code | Page]
    Kangjie Lu, Chengyu Song, Byoungyoung Lee, Simon P. Chung, Taesoo Kim, and Wenke Lee.
    In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS'15). Denver, Colorado, October 2015.
  • SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps [PDF]
    Jianjun Huang, Zhichun Li, Xusheng Xiao, Zhenyu Wu, Kangjie Lu, Xiangyu Zhang, and Guofei Jiang.
    In Proceedings of the 24th USENIX Security Symposium (Security'15). Washington, DC, August 2015.
  • Software Watermarking using Return-Oriented Programming [PDF]
    Haoyu Ma, Kangjie Lu, Xinjie Ma, Haining Zhang, Chunfu Jia, and Debin Gao.
    In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS'15). Singapore, April–June 2015.
  • Checking more and alerting less: Detecting privacy leakages via enhanced data-flow analysis and peer voting [PDF]
    Kangjie Lu, Zhichun Li, Vasileios Kemerlis, Zhenyu Wu, Long Lu, Cong Zheng, Zhiyun Qian, Wenke Lee, and Guofei Jiang.
    In Proceedings of the 2015 Annual Network and Distributed System Security Symposium (NDSS'15). San Diego, CA, February 2015.
  • RopSteg: Program Steganography with Return Oriented Programming [PDF]
    Kangjie Lu, Siyang Xiong, and Debin Gao.
    In Proceedings of the 4th ACM Conference on Data and Application Security and Privacy (CODASPY'14). San Antonio, Texas, USA, March 2014.
  • Jekyll on iOS: When Benign Apps Become Evil [PDF]
    Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee.
    In Proceedings of the 22nd USENIX Security Symposium (Security'13). Washington, DC, August 2013.
  • deRop: Removing Return-Oriented Programming from Malware [PDF]
    Kangjie Lu, Dabi Zou, Weiping Wen, and Debin Gao.
    In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC'11). Orlando, Florida, USA, December 2011.
  • Packed, Printable, and Polymorphic Return-Oriented Programming [PDF]
    Kangjie Lu, Dabi Zou, Weiping Wen, and Debin Gao.
    In Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection (RAID'11). Menlo Park, California, USA, September 2011.

Advising

  • PhD students
    • Aditya Pakki, Qiushi Wu, Dong Bao, Wenjia Zhao (visiting student from Xi'an Jiaotong), Dipanjan Das (visiting student from UCSB)
  • Master's students
    • Zhengwen Jiang, Tanglin Zhou
  • Undergraduate students
    • Joe Numainville

  • Assistant Professor, University of Minnesota, Minneapolis (2017.8 - Present)
  • Visiting Scholar, MPI-SWS & CISPA, Saarland University, Saarbrücken, Germany (2016.5 - 2016.8)
  • Visiting Scholar, MPI-SWS & CISPA, Saarland University, Saarbrücken, Germany (2015.5 - 2015.8)
  • Research Intern, Samsung Research America, Santa Clara (2014.5 - 2014.8)
  • Research Intern, NEC Labs America, Princeton (2013.5 - 2013.8)
  • Research Assistant, Georgia Institute of Technology, Atlanta (2012.8 - 2017.8)
  • Research Assistant, Singapore Management University, Singapore (2010.7 - 2012.6)
  • Research Assistant, Peking University, Beijing, China (2009.9 - 2010.7)

Program Committees

  • ACM Conference on Computer and Communications Security (CCS'18, '19, '20)
  • The 27th USENIX Security Symposium (USENIX Security'18)
  • The 13th ACM Asia Conference on Computer and Communications Security (AsiaCCS'18)