姓名:张超

职称:副教授

电话:+86 10 62603015

邮箱:chaoz@tsinghua.edu.cn

个人主页:http://netsec.ccert.edu.cn/chaoz/

教育背景

理学学士(数学),北京大学,中国,2004.9-2008.7

理学博士(计算机应用技术),北京大学,中国,2008.9-2013.7

博士后,UC Berkeley,美国,2013.9-2016.9

社会兼职

中国科学院软件所客座研究员

中国科学院网络测评技术重点实验室学术委员会委员

中国计算机学会YOCSEF委员

《信息安全学报》英文版 编委

IEEE S&P,CSET,BAR,SECURECOMM等多个国际学术会议TPC成员

研究领域

软件与系统安全

物联网及区块链等应用安全

软件分析技术

AI与安全

奖励与荣誉

国家“千人计划”青年项目(2017)

中国科协“青年人才托举工程”( 2016-2018)

中国计算机学会“青年人才发展计划”(2017)

DARPA Cyber Grand Challenge (CGC) 初赛防护第一名(2015),决赛攻击第二名(2016)

Defcon CTF夺旗攻防赛第二名(2016)第五名(2015,2017)

Microsoft BlueHat Prize Contest 特别提名奖(2012)

学术成果

会议论文:
[1] Shuitao Gan, Chao Zhang*, Xiaojun Qin, Xuwen Tu, Kang Li, Zhongyu Pei, Zuoning Chen, CollAFL: Coverage Sensitive Fuzzing, To appear in IEEE Security & Privacy 2018 (IEEE S&P’18)

[2] Yuan Li, Chao Zhang*, Xiapu Luo, vCFI: Visible Control Flow Integrity for Cloud Tenants, In the 2nd Workshop on System Software for Trusted Execution (SysTEX 2017)

[3] Jun Li, Chao Zhang*, Semantic Sensitive Coverage-based Fuzzing, In the 2nd International Conference on Communications, Information Management and Network Security (CIMNS2017)

[4] Xiangkun Jia, Chao Zhang*, Purui Su*, Yi Yang, Huafeng Huang, Dengguo Feng, Towards Efficient Heap Overflow Discovery, In USENIX Security Symposium 2017 (Security’17)

[5] Chao Zhang, Scott A. Carr, Tongxin Li, Yu Ding, Chengyu Song, Mathias Payer, Dawn Song, VTrust: Regaining Trust on Virtual Calls, In the Network and Distributed System Security Symposium (NDSS'16), San Diego, CA, Feb 2016

[6] Chao Zhang, Mehrdad Niknami, Kevin Zhijie Chen, Chengyu Song, Zhaofeng Chen, Dawn Song, JITScope: Protecting Web Users from Control-Flow Hijacking Attacks, In the IEEE Conference on Computer Communications (InfoCom’15), Hong Kong, China, April 2015

[7] Chao Zhang, Chengyu Song, Kevin Zhijie Chen, Zhaofeng Chen, Dawn Song, VTint: Protecting Virtual Function Tables’ Integrity , In the Network and Distributed System Security Symposium (NDSS’15), San Diego, CA, Feb 2015

[8] Chengyu Song, Chao Zhang*, Tielei Wang, Wenke Lee, David Melski, Exploiting and Protecting Dynamic Code Generation, In the Network and Distributed System Security Symposium (NDSS’15), San Diego, CA, Feb 2015

[9] Jiayi Ye, Chao Zhang, Xinhui Han, UAFChecker: Scalable Static Detection of Use-After-Free Vulnerabilities (poster), In the ACM Conference on Computer and Communications Security (CCS’14), Scottsdale, Arizona, Nov 2014

[10] Lihua Zhang, Yu Ding, Chao Zhang, Lei Duan, Zhaofeng Chen, Tao Wei, Xinhui Han, PHPGate: A Practical White-Delimiter-Tracking Protection against SQL-Injection for PHP (poster), In the 24th USENIX Security Symposium (Sec’14), San Diego, CA, Aug 2014

[11] Bingshuang Liu, Skyler Berg, Jun Li, Tao Wei, Chao Zhang, Xinhui Han, The Store-and-Flood Distributed Reflective Denial of Service Attack, In the 23rd International Conference on Computer Communications and Networks (ICCCN’14), Shanghai, China, Aug 2014

[12] Yu Ding, Zhuo Peng, Yuanyuan Zhou, Chao Zhang, Android Low Entropy Demystified, In IEEE International Conference on Communications (ICC’14), Sydney, Australia, June 2014

[13] Yu Ding, Chao Zhang, Tao Wei, Unider: Exploit Attack Emulator Armed with State-of-Art Exploit Techniques (poster), In the Network and Distributed System Security Symposium (NDSS’14), San Diego, CA, Feb 2014

[14] Bingshuang Liu, Shidong Wu, Tao Wei, Chao Zhang, Jun Li, Jianyu Zhang, Yu Chen, Chen Li, Splider: A Split-based Crawler of the BT-DHT Network and its Applications, In Annual IEEE Consumer Communications & Networking Conference (CCNC’14), Las Vegas, NV, Jan 2014

[15] Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Laszlo Szekeres, Stephen McCamant, Dawn Song, Wei Zou, Practical Control Flow Integrity & Randomization for Binary Executables, In the 34th IEEE Symposium on Security & Privacy (IEEE S&P’13), San Francisco, CA, May 2013

[16] Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Stephen McCamant, Laszlo Szekeres, Protecting Function Pointers in Binary, In the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS’13), Hangzhou, China, May 2013

[17] Chao Zhang, Lei Duan, Tao Wei, Wei Zou, SecGOT: Secure global offset tables in ELF executables, In the Proceedings of the International Conference on Computer Science and Electronics Engineering, Hangzhou, China,Mar 2013

[18] Tao Wei, Chao Zhang, Zhaofeng Chen, Lei Duan, Laszlo Szekeres, Stephen McCamant, Dawn Song, FPGate: The Last Building Block For A Practical CFI Solution, Technical Report for Microsoft BlueHat Prize Contest, Apr. 2012

[19] Shuaifu Dai, Tao Wei, Chao Zhang, Tielei Wang, Yu Ding, Wei Zou, Zhenkai Liang, A Framework to Eliminate Backdoors from Response Computable Authentication, In the 33rd IEEE Symposium on Security and Privacy (IEEE S&P’12), San Francisco, CA, May 2012

[20] Chao Zhang, Tielei Wang, Tao Wei, Yu Chen, Wei Zou, IntPatch: Automatically Fix Integer-Overflow-to-Buffer-Overflow Vulnerability at Compile-Time, In the 15th European Symposium on Research in Computer Security (ESORICS’10), Athens, Greece, Sep. 2010

[21] 张利华,韦韬,李坤,毛剑, 张超,邹维,LinkTrust:一种基于PageRank的钓鱼网站检测方法,第五届信息安全漏洞分析与风险评估大会 (VARA 2012),上海,2012年12月

期刊论文:
[1] Yu Ding, Tao Wei, Hui Xue, Yulong Zhang, Chao Zhang, Xinhui Han, Accurate and Efficient Exploit Capture and Classification, SCIENCE CHINA Information Sciences (SCIS), Vol. 60, No. 5, 2016

[2] Bingshuang Liu, Jun Li, Tao Wei, Skyler Berg, Jiayi Ye, Chen Li, Chao Zhang, Jianyu Zhang, Xinhui Han, SF-DRDoS: The store-and-flood distributed reflective denial of service attack, In Computer Communications, Vol. 69, Sep. 2015

[3] Bingshuang Liu, Tao Wei, Chao Zhang, Jun Li, Jianyu Zhang, Improving lookup reliability in Kad, In Peer-to-Peer Networking and Applications (PPNA), Vol. 8, Issue 1, January 2015

[4] Chao Zhang, Wei Zou, Tielei Wang, Yu Chen, Tao Wei, Using Type Analysis in Compiler to Eliminate Integer-Overflow-to-Buffer-Overflow Threat, In Journal of Computer Security (JCS), Vol. 19 No. 6, Dec. 2011

[5] 裴中煜, 张超*, 段海新,Glibc 堆利用的若干方法,信息安全学报, 2018, 3(1): 1-15

[6] 韩心慧, 魏爽, 叶佳奕, 张超, 叶志远,二进制程序中的use-after-free漏洞检测技术,清华大学学报(自然科学版), 2017, 57(10): 1022-1029

[7] 张慧琳, 丁羽, 张利华, 段镭, 张超, 韦韬, 李冠成, 韩心慧,基于敏感字符的 SQL注入攻击防御方法,计算机研究与发展,2016,53(10)