Chao Zhang (张超)
清华大学 华为冠名副教授,CCF杰出会员
清华大学FIT楼3-209
chaoz # tsinghua.edu.cn
头条
- 长期招聘对安全感兴趣的博士后、工程师、客座研究生、实习生等,邮件联系。
- 国家中关村实验室招聘应届毕业生、博士后、科研人员、管理人员。
- 山东泉城实验室招聘各类研究人员、工作人员。
- 参考技能树:C/C++,算法,操作系统,编译原理,汇编语言,调试/逆向,AI, 密码学。
履历
- 博导,VUL337系统安全研究组,蓝莲花战队教练
- 长聘副教授,清华大学网络研究院,中国,2022.1-今
- 准聘副教授,清华大学网络研究院,中国,2016.11-2021.12
- 博士后,UC Berkeley计算机系,美国,2013.9-2016.9
- 理学博士(计算机应用技术),北京大学王选计算机研究所,中国,2008.9-2013.7
- 理学学士(数学),北京大学数学学院,中国,2004.9-2008.7
- 高中,黄冈中学, 2001.9-2004.7
社会兼职
- 清华大学长聘副教授,博士生导师;
- 中国科学院·信工所·客座研究员(客座博导)
- 中国科学院·网络测评技术重点实验室·学术委员会委员
- 人工智能学会·人工智能与安全专委会·常务委员
- 中国计算机学会·系统软件专委会·执行委员
- 中国计算机学会·218 Club·执行委员
- 中国指挥与控制学会·理事
- 中国青年科技工作者协会·理事
- 北京大学数学学院院友会·理事
- InForSec网安国际学术论坛·组委会&技术委员会
研究兴趣
针对软件与系统安全领域漏洞与恶意代码等问题,面向主机、移动设备、物联网、车联网、区块链、人工智能系统等目标,综合运用软硬件协同、人工智能等技术,研究自动化、智能化攻防技术,构建软件安全智能分析系统。
针对数据安全与隐私计算问题,研究芯片、系统、编译、算法协同的实用化解决方案。
- 软件分析/二进制分析
- 漏洞挖掘
- (NDSS’25) Truman, (NDSS’25) EAGLEYE, (TOSEM) Graphuzz, (Sec’24) SDFUZZ, (Sec’24) OptFuzz, (Oakland’24) LABRADOR, (Oakland’24) WAF Manis, (INFOCOM’24) ConFuzz, (ICSE’24) InterProcedural, (NDSS’24) HermeScan, (NDSS’24) EnclaveFuzz, (NDSS’24) OverlayChecker, (NDSS’24) REQSMINER, (NDSS’24) ShapFuzz, (ASE’23) Thunderkaller, (SOSP’23) Refcount, (ISSTA’23) 1dFuzz, (Oakland’23) ODDFuzz, (Sec’23) DDRace, (Sec’23) MTSan, (Sec’23) KextFuzz, (TOSEM 2023) NSFuzz, (Sec’23) AIFORE, (ASE’22) HTFuzz, (Sec’22) StateFuzz, (ISSTA’22) PrIntFuzz, (Sec’21) SaTC , (TDSC 2020) CollAFL-bin, (Sec’20) GreyOne, (Sec’20) FANS, (Sec’19) MOPT, (Oakland’18) CollAFL, (Sec’17) HOTracer
- 漏洞分析
- (ASIACCS’23) RaceBench, (CCS’22) Evocatio, (CCS’21) Igor, (ISSTA’21) RAProducer, (ICSE’20) vul-dist
- 漏洞评估/利用
- 漏洞缓解/防利用
- AI安全
- 区块链安全/数据安全/车联网安全/网络安全
- (CCS’23) mining-pool, (ICSE-SEIP) ConSym, (信息安全学报) BATScope, (SIGMETRICS’22) Uniswap, (INFOCOM’21) INCITE
- (CCS’24) ml3pc, (Sec’23) 3PC, (CCS’21) ZKCPlus
- (Sec’23) CDN-Convex, (AutoSec’21) CANCloak
Hack for Fun
- 学生比赛成绩
- FATE(联邦学习)开源社区,发现RCE漏洞,年度技术特别贡献奖,2022
- 腾讯CSS安全探索论坛,专业奖(第二名),2019
- 腾讯CSS安全探索论坛,突破奖(第一名),2018
- DARPA Cyber Grand Challenge (CGC)机器自动攻防竞赛
- DEFCON CTF世界黑客夺旗攻防赛,第二名(2016)第五名(2015,2017)
- Microsoft BlueHat Prize Contest 特别提名奖(2012)
赛事服务
- 矩阵杯
- HVV演习
- 全国职工职业技能大赛
- DataCon
- 阿里云CTF, 2023
- 网鼎杯, 2024,2022
- BCTF AutoPwn, 2022
- OPPO安全AI挑战赛, 2021
- TianfuCUP“天府杯”裁判,2018,2019,2020,2021
- WCTF“世界黑客CTF大师挑战赛”, 2018,2019,2020
学术成果
会议论文:
2024:
VulShield: Protecting Vulnerable Code Before Deploying Patches
Yuan Li, Chao Zhang*, Jinhao Zhu, Penghui Li, Chenyang Li, Songtao Yang, Wende Tan
To appear in Network and Distributed System Security Symposium (NDSS’25), San Diego, California, Feb 2025Truman: Constructing Device Behavior Models from OS Drivers to Fuzz Virtual Devices
Zheyu Ma, Zheming Li, Tingting Yin, Wende Tan, Chao Zhang*, Mathias Payer
To appear in Network and Distributed System Security Symposium (NDSS’25), San Diego, California, Feb 2025EAGLEYE: Exposing Hidden Web Interfaces in IoT Devices via Routing Analysis
Hangtian Liu, Lei Zheng, Shuitao Gan, Chao Zhang, Zicong Gao, Hongqi Zhang, Yishun Zeng, Zhiyuan Jiang, Jiahai Yang
To appear in Network and Distributed System Security Symposium (NDSS’25), San Diego, California, Feb 2025Sublinear Distributed Product Checks on Replicated Secret-Shared Data over Z2𝑘 Without Ring Extensions
Yun Li, Daniel Escudero, Yufei Duan, Zhicong Huang, Cheng Hong, Chao Zhang, Yifan Song*
In ACM Conference on Computer and Communications Security (CCS’24), Salt Lake City, USA, Oct 2024Test Suites Guided Vulnerability Validation for Node.js Applications
Changhua Luo, Penghui Li*, Wei Meng, Chao Zhang
In ACM Conference on Computer and Communications Security (CCS’24), Salt Lake City, USA, Oct 2024CEBin: A Cost-Effective Framework for Large-Scale Binary Code Similarity Detection
Hao Wang, Zeyu Gao, Chao Zhang*, Mingyang Sun, Yuchen Zhou, Han Qiu, and Xi Xiao
In ACM SIGSOFT International Symposium on Software Testing and Analysis 2024 (ISSTA’24), Vienna, Austria, Sep 2024CLAP: Learning Transferable Binary Code Representations with Natural Language Supervision
Hao Wang, Zeyu Gao, Chao Zhang*, Zihan Sha, Mingyang Sun, Yuchen Zhou, Wenyu Zhu, Wenju Sun, Han Qiu, and Xi Xiao
In ACM SIGSOFT International Symposium on Software Testing and Analysis 2024 (ISSTA’24), Vienna, Austria, Sep 2024SDFUZZ: Target States Driven Directed Fuzzing
Penghui Li, Wei Meng, Chao Zhang
In 33nd USENIX Security Symposium (Sec’24), Philadelphia, PA, USA, Aug 2024Improving ML-based Binary Function Similarity Detection by Assessing and Deprioritizing Control Flow Graph Features
Jialai Wang, Chao Zhang*, Longfei Chen, Yi Rong, Yuxiao Wu, Hao Wang, Wende Tan, Qi Li, Zongpeng Li
In 33nd USENIX Security Symposium (Sec’24), Philadelphia, PA, USA, Aug 2024OptFuzz: Optimization Path Guided Fuzzing for JavaScript JIT Compilers
Jiming Wang, Yan Kang, Chenggang Wu*, Yuhao Hu, Yue Sun, Jikai Ren, Yuanming Lai, Mengyao Xie, Charles Zhang, Tao Li, Zhe Wang
In 33nd USENIX Security Symposium (Sec’24), Philadelphia, PA, USA, Aug 2024Virtual Compiler Is All You Need For Assembly Code Search
Zeyu Gao, Hao Wang, Yuanda Wang, Chao Zhang*
In the 62nd Annual Meeting of the Association for Computational Linguistics (ACL’24), Bangkok, Thailand, August 2024Laser Shield: a Physical Defense with Polarizer against Laser Attacks on Autonomous Driving Systems
Qingjie Zhang, Lijun Chi, Di Wang, Mounira Msahli, Gerard Memmi, Tianwei Zhang, Chao Zhang, and Han Qiu*
In Design Automation Conference 2024 (DAC’24), San Francisco, CA, USA, June 2024ConFuzz: Towards Large Scale Fuzz Testing of Smart Contracts in Ethereum
Taiyu Wong, Chao Zhang*, Yuandong Ni, Mingsen Luo, HeYing Chen, Yufei Yu, Weilin Li, Xiapu Luo, Haoyu Wang
In IEEE International Conference on Computer Communications (INFOCOM’24), Vancouver, Canada, May 2024LABRADOR: Response Guided Directed Fuzzing for Black-box IoT Devices
Hangtian Liu, Shuitao Gan, Chao Zhang, Zicong Gao, Hongqi Zhang, Xiangzhi Wang, Guangming Gao
In IEEE Security & Privacy 2023 (IEEE S&P’24), San Francisco, CA, USA, May 2024Break the Wall from Bottom: Automated Discovery of Protocol-Level Evasion Vulnerabilities in Web Application Firewalls
Qi Wang, Jianjun Chen, Zheyu Jiang, Run Guo, Ximeng Liu, Chao Zhang, Haixin Duan
In IEEE Security & Privacy 2023 (IEEE S&P’24), San Francisco, CA, May 2024On the Effectiveness of Function-Level Vulnerability Detectors for Inter-Procedural Vulnerabilities
Zhen Li, Ning Wang, Deqing Zou*, Yating Li, Ruqian Zhang, Shouhuai Xu, Chao Zhang, Hai Jin
In 46th International Conference on Software Engineering (ICSE’24),, Lisbon, April 2024Faster and Better: Detecting Vulnerabilities in Linux-based IoT Firmware with Optimized Reaching Definition Analysis
Zicong Gao, Chao Zhang*, Hangtian Liu, Wenhou Sun, Zhizhuo Tang, Liehui Jiang, Jianjun Chen, Yong Xie
In the Network and Distributed System Security Symposium (NDSS’24), San Diego, CA, USA, Feb 2024EnclaveFuzz: Finding Vulnerabilities in SGX Applications
Liheng Chen, Zheming Li, Zheyu Ma, Yuan Li, Baojian Chen, Chao Zhang*
In the Network and Distributed System Security Symposium (NDSS’24), San Diego, CA, USA, Feb 2024Beyond the Surface: Uncovering the Unprotected Components of Android Against Overlay Attack
Hao Zhou, Shuohan Wu, Chenxiong Qian, Xiapu Luo, Haipeng Cai, Chao Zhang
In the Network and Distributed System Security Symposium (NDSS’24), San Diego, CA, USA, Feb 2024REQSMINER: Automated Discovery of CDN Forwarding Request Inconsistencies and DoS Attacks with Grammar-based Fuzzing
Linkai Zheng, Xiang Li, Chuhan Wang, Run Guo, Haixin Duan, Jianjun Chen, Chao Zhang, Kaiwen Shen
In the Network and Distributed System Security Symposium (NDSS’24), San Diego, CA, USA, Feb 2024SHAPFUZZ: Efficient Fuzzing via Shapley-Guided Byte Selection
Kunpeng Zhang, Xiaogang Zhu†, Xiao Xi, Minhui Xue, Chao Zhang, Sheng Wen
In Network and Distributed System Security Symposium (NDSS’24), San Diego, CA, USA, Feb 2024
2023:
- Unmasking Role-Play Attack Strategies in Exploiting Decentralized Finance (DeFi) Systems
Weilin Li, Zhun Wang, Chenyu Li, Heying Chen, Taiyu Wong, Pengyu Sun, Yufei Yu, and Chao Zhang
In ACM Workshop on Decentralized Finance (ACM DeFi 2023), Copenhagen, Denmark, Nov 2023 - Under the Dark: A Systematical Study of Stealthy Mining Pools (Ab)use in the Wild
Zhenrui Zhang, Geng Hong, Xiang Li, Zhuoqun Fu, Jia Zhang, Mingxuan Liu, Chuhan Wang, Jianjun Chen, Baojun Liu, Haixin Duan, Chao Zhang, and Min Yang
In ACM Conference on Computer and Communications Security (CCS’23), Copenhagen, Denmark, Nov 2023 - One Simple API Can Cause Hundreds of Bugs: An Analysis of Refcounting Bugs in All Modern Linux Kernels
Liang He, Purui Su, Chao Zhang, Yan Cai, Jinxin Ma
In 29th ACM Symposium on Operating Systems Principles (SOSP’23), Koblenz, Germany, Oct 2023 - One-bit Flip is All You Need: When Bit-flip Attack Meets Model Training
Jianshuo Dong, Han Qiu, Yiming Li, Tianwei Zhang, Yuanjie Li, Zeqi Lai, Chao Zhang, Shu-Tao Xia
In International Conference on Computer Vision (ICCV’23), Paris, France, Oct 2023 - Thunderkaller: Profiling and Improving the Performance of Syzkaller
Yang Lan, Di Jin, Zhun Wang, Wende Tan, Zheyu Ma, Chao Zhang*
In 38th IEEE/ACM International Conference on Automated Software Engineering (ASE’23), Kirchberg, Luxembourg, Sep 2023 - KextFuzz: Fuzzing macOS Kernel EXTensions on Apple Silicon via Exploiting Mitigations
Tingting Yin, Zicong Gao, Zhenghang Xiao, Zheyu Ma, Min Zheng, and Chao Zhang*
In 32nd USENIX Security Symposium (Sec’23), ANAHEIM, CA, USA, Aug 2023 - DDRace: Finding Concurrency UAF Vulnerabilities in Linux Drivers with Directed Fuzzing
Ming Yuan, Bodong Zhao, Penghui Li, Jiashuo Liang, Xinhui Han, Xiapu Luo, and Chao Zhang*
In 32nd USENIX Security Symposium (Sec’23), ANAHEIM, CA, USA, Aug 2023 - MTSan: A Feasible and Practical Memory Sanitizer for Fuzzing COTS Binaries
Xingman Chen, Yinghao Shi, Zheyu Jiang, Yuan Li, Ruoyu Wang, Haixin Duan, Haoyu Wang, and Chao Zhang*
In 32nd USENIX Security Symposium (Sec’23), ANAHEIM, CA, USA, Aug 2023 - AIFORE: Smart Fuzzing Based on Automatic Input Format Reverse Engineering
Ji Shi, Zhun Wang, Zhiyao Feng, Yang Lan, Shisong Qin, Wei You, Wei Zou, Mathias Payer, and Chao Zhang*
In 32nd USENIX Security Symposium (Sec’23), ANAHEIM, CA, USA, Aug 2023 - Efficient 3PC for Binary Circuits with Application to Maliciously-Secure DNN Inference
Yun Li, Yufei Duan, Zhicong Huang, Cheng Hong, and Chao Zhang, Yifan Song
In 32nd USENIX Security Symposium (Sec’23), ANAHEIM, CA, USA, Aug 2023 - AlphaEXP: An Expert System for Identifying Security-Sensitive Kernel Objects
Ruipeng Wang, Kaixiang Chen, Chao Zhang, Siliang Qin, Zulie Pan, Shenglin Xu, Min Zhang, Qianyu Li, and Yang Li
In 32nd USENIX Security Symposium (Sec’23), ANAHEIM, CA, USA, Aug 2023 - Aegis: Mitigating Targeted Bit-flip Attacks against Deep Neural Networks
Jialai Wang, Ziyuan Zhang, Meiqi Wang, Han Qiu, Tianwei Zhang, Qi Li, Zongpeng Li, Tao Wei, and Chao Zhang
In 32nd USENIX Security Symposium (Sec’23), ANAHEIM, CA, USA, Aug 2023 - Temporal CDN-Convex Lens: A CDN-Assisted Practical Pulsing DDoS Attack
Run Guo, Jianjun Chen, Yihang Wang, Keran Mu, Baojun Liu, Xiang Li, Chao Zhang, Haixin Duan, Jianping Wu
In 32nd USENIX Security Symposium (Sec’23), ANAHEIM, CA, USA, Aug 2023 - PTStore: Lightweight Architectural Support for Page Table Isolation
Wende Tan, Yangyu Chen, Yuan Li, Ying Liu, Jianping Wu, Yu Ding, and Chao Zhang*
In Design Automation Conference (DAC’23), San Francisco, CA, USA, July 9-13 2023 - MPass: Bypassing Learning-based Static Malware Detectors
Jialai Wang, Wenjie Qu, Yi Rong, Han Qiu, Qi Li, Zongpeng Li, and Chao Zhang
In Design Automation Conference (DAC’23), San Francisco, CA, USA, July 9-13 2023 - 1dFuzz: Reproduce 1-day Vulnerabilities with Directed Differential Fuzzing
Songtao Yang, Yubo He, Kaixiang Chen, Zheyu Ma, Xiapu Luo, Yong Xie, Jianjun Chen, and Chao Zhang*
In ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA’23), Seattle, Washington, United States, July 2023 - RaceBench: A Triggerable and Observable Concurrency Bug Benchmark
Jiashuo Liang, Ming Yuan, Zhanzhao Ding, Siqi Ma, Xinhui Han*, and Chao Zhang
In ACM Conference on Computer and Communications Security (ASIACCS’23), Melbourne Australia, July 2023 - Callee: Recovering Call Graphs for Binaries with Transfer and Contrastive Learning
Wenyu Zhu, Zhiyao Feng, Zihan Zhang, Jianjun Chen, Zhijian Ou, Min Yang, Chao Zhang*
In IEEE Security & Privacy 2023 (IEEE S&P’23), San Francisco, CA, May 2023 - ODDFUZZ: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox Fuzzing
Sicong Cao, Biao He, Xiaobing Sun, Yu Ouyang, Chao Zhang, Xiaoxue Wu, Ting Su, Lili Bo, Bin Li, Chuanlei Ma, Jiajia Li, and Tao Wei
In IEEE Security & Privacy 2023 (IEEE S&P’23), San Francisco, CA, May 2023
2022:
- RoChBert: Towards Robust BERT Fine-tuning for Chinese
Zihan Zhang, Jinfeng Li, Ning Shi, Bo Yuan, Xiangyu Liu, Rong Zhang, Hui Xue, Donghong Sun, Chao Zhang*
In the 2022 Conference on Empirical Methods in Natural Language Processing (EMNLP-findings’22), Abu Dhabi, Dec 2022 - PACMem: Enforcing Spatial and Temporal Memory Safety via ARM Pointer Authentication
Yuan Li, Wende Tan, Zhizheng Lv, Songtao Yang, Mathias Payer, Ying Liu, Chao Zhang*
In ACM Conference on Computer and Communications Security (CCS’22), Los Angeles, CA, USA, Nov 2022 - Evocatio: Conjuring Bug Capabilities from a Single PoC
Zhiyuan Jiang, Shuitao Gan, Adrian Herrera, Flavio Toffalini, Lucio Romerio, Chaojing Tang, Manuel Egele, Chao Zhang, Mathias Payer
In ACM Conference on Computer and Communications Security (CCS’22), Los Angeles, CA, USA, Nov 2022 - HTFuzz: Heap Operation Sequence Sensitive Fuzzing
Yuanping Yu, Xiangkun Jia, Yuwei Liu, Yanhao Wang, Qian Sang, Chao Zhang, Purui Su
In 37th IEEE/ACM International Conference on Automated Software Engineering (ASE’22), Oakland Center, Michigan, United States, Oct 2022 - StateFuzz: System Call-Based State-Aware Linux Driver Fuzzing
Bodong Zhao, Zheming Li, Shisong Qin, Zheyu Ma, Ming Yuan, Wenyu Zhu, Zhihong Tian, Chao Zhang*
In 31st USENIX Security Symposium (Sec’22), BOSTON, MA, USA, Aug 2022 - AutoDA: Automated Decision-based Iterative Adversarial Attacks
Qi-An Fu, Yinpeng Dong, Hang Su, Jun Zhu*, Chao Zhang
In 31st USENIX Security Symposium (Sec’22), BOSTON, MA, USA, Aug 2022 - jTrans: Jump-Aware Transformer for Binary Code Similarity Detection
Hao Wang, Wenjie Qu, Gilad Katz, Wenyu Zhu, Zeyu Gao, Han Qiu, Jianwei Zhuge, Chao Zhang*
In the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA’22), Daejeon, South Korea, July 2022 - BET: Black-box Efficient Testing for Convolutional Neural Networks
Jialai Wang, Han Qiu*, Yi Rong, Hengkai Ye, Qi Li, Zongpeng Li, Chao Zhang*.
In the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA’22), Daejeon, South Korea, July 2022 - PrIntFuzz: Fuzzing Linux Drivers via Automated Virtual Device Simulation
Zheyu Ma, Bodong Zhao, Letu Ren, Zheming Li, Siqi Ma, Xiapu Luo, Chao Zhang*
In the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA’22), Daejeon, South Korea, July 2022 - NCScope: Hardware-Assisted Analyzer for Native Code in Android Apps
Hao Zhou, Shuohan Wu, Xiapu Luo*, Ting Wang, Yajin Zhou, Chao Zhang, Haipeng Cai
In the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA’22), Daejeon, South Korea, July 2022 - Trade or Trick? Detecting and Characterizing Scam Tokens on Uniswap Decentralized Exchange
Pengcheng Xia, Haoyu Wang*, Bingyu Gao, Weihang Su, Zhou Yu, Xiapu Luo, Chao Zhang, Xusheng Xiao, Guoai Xu
In ACM SIGMETRICS 2022, Mumbai, India, June 2022 - 面向缓解机制评估的自动化信息泄漏方法
杨松涛,陈凯翔,王准,张超*
中国软件大会系统软件安全论坛, 西安,2021年12月 - An Empirical Study on Implicit Constraints in Smart Contract Static Analysis
Tingting Yin, Chao Zhang*, Yuandong Ni, Yixiong Wu, Taiyu Wong, Xiapu Luo, Zheming Li, Yu Guo
In 44th International Conference on Software Engineering (ICSE-SEIP 2022), Pittsburgh, PA, USA, May 2022
2021:
- ROLoad: Securing Sensitive Operations with Pointee Integrity
Wende Tan, Yuan Li, Chao Zhang*, Xingman Chen, Songtao Yang, Ying Liu, Jianping Wu
In Design Automation Conference (DAC’21), San Francisco, Dec 2021 - Igor: Crash Deduplication Through Root-Cause Clustering
Zhiyuan Jiang, Xiyue Jiang, Ahmad Hazimeh, Chaojing Tang, Chao Zhang*, Mathias Payer
In the ACM Conference on Computer and Communications Security (CCS’21), virtual, Nov 2021 - ZKCPlus: Optimized Fair-exchange Protocol Supporting Practical and Flexible Data Exchange
Yun Li, Cun Ye, Yuguang Hu, Ivring Morpheus, Yu Guo, Chao Zhang*, Yupeng Zhang, Zhipeng Sun, Yiwen Lu, Haodi Wang
In the ACM Conference on Computer and Communications Security (CCS’21), virtual, Nov 2021 - VScape: Assessing and Escaping Virtual Call Protections
Kaixiang Chen, Chao Zhang*, Tingting Yin, Xingman Chen, Lei Zhao
In USENIX Security (Sec’21), virtual, Aug 2021 - MAZE: Towards Automated Heap Feng Shui
Yan Wang, Chao Zhang*, Zixuan Zhao, Bolun Zhang, Xiaorui Gong, Wei Zou
In USENIX Security (Sec’21), virtual, Aug 2021 - Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems
Libo Chen, Yanhao Wang, Quanpu Cai, Yunfan Zhan, Hong Hu, Jiaqi Linghu, Qinsheng Hou, Chao Zhang, Haixin Duan, Zhi Xue
In in USENIX Security (Sec’21), virtual, Aug 2021 - RAProducer: Efficiently Diagnose and Reproduce Data Race Bugs for Binaries via Trace Analysis
Ming Yuan, Yeseop Lee, Chao Zhang*, Yun Li, Yan Cai, Bodong Zhao
In the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA’21), virtual, July 2021 - iDEV: Exploring and Exploiting Semantic Deviations in ARM Instruction Processing
Shisong Qin, Chao Zhang*, Kaixiang Chen, Zheming Li
In the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA’21), virtual, July 2021 - ARGUS: Assessing Unpatched Vulnerable Devices on the Internet via Efficient Firmware Recognition
Wei Xie, Chao Zhang, Penfei Wang, Zhenhua Wang, Qiang Yang
In the 16th ACM ASIA Conference on Computer and Communications Security (ASIACCS’21), virtual, June 2021 - Code is the (F)Law: Demystifying and Mitigating Blockchain Inconsistency Attacks Caused by Software Bugs
Guorui Yu, Shibin Zhao, Chao Zhang*, Zhiniang Peng, Yuandong Ni and Xinhui Han*
In IEEE Conference on Computer Communications (INFOCOM’21), virtual, May 2021 - POP and PUSH: Demystifying and Defending against (Mach) Port-Oriented Programming
Min Zheng, Xiaolong Bai, Yajin Zhou, Chao Zhang, and Fuping Qu
In the Network and Distributed System Security Symposium (NDSS’21), virtual, Feb 2021 - CANCloak: Deceiving Two ECUs with One Frame
Li Yue, Zheming Li, Tingting Yin, Chao Zhang*
In Workshop on Automotive and Autonomous Vehicle Security (AutoSec’21), virtual, Feb 2021
2020:
- Finding Cracks in Shields: On the Security of Control Flow Integrity Mechanisms
Yuan Li, Mingzhe Wang, Chao Zhang*, Xingman Chen, Songtao Yang, Ying Liu
In the ACM Conference on Computer and Communications Security (CCS’20), virtual, Nov 2020 - Argot: Generating Adversarial Readable Chinese Texts
Zihan Zhang, Mingxuan Liu, Chao Zhang*, Yiming Zhang, Zhou Li, Qi Li, Haixin Duan, Donghong Sun.
In the 29th International Joint Conference on Artificial Intelligence (IJCAI’20), virtual, Jan 2021 - FANS: Fuzzing Android Native System Services via Automated Interface Analysis
Baozheng Liu, Chao Zhang*, Guang Gong, Yishun Zeng, Haifeng Ruan, Jianwei Zhuge*.
In the 29th USENIX Security Symposium (Sec’20), virtual, Aug 2020 - GreyOne: Data-Flow Sensitive Fuzzing
Shuitao Gan, Chao Zhang*, Xiaojun Qin, Peng Chen, Bodong Zhao, Zuoning Chen
In the 29th USENIX Security Symposium (Sec’20), virtual, Aug 2020 - A Large-Scale Empirical Study on Vulnerability Distribution within Projects and the Lessons Learned
Bingchang Liu, Guozhu Meng*, Wei Zou, Qi Gong, Feng Li, Min Lin, Dandan Sun, Wei Huo, Chao Zhang.
In the International Conference on Software Engineering (ICSE 2020), virtual, July 2020 - DRAMD: Detect Advanced DRAM-based Stealthy Communication Channels with Neural Networks
Zhiyuan Lv, Youjian Zhao, Chao Zhang*, Haibin Li
In the IEEE Conference on Computer Communications (INFOCOM’20), virtual, July 2020
2019 and earlier:
- SRFuzzer: An Automatic Fuzzing Framework for Physical SOHO Router Devices to Discover Multi-Type Vulnerabilities
Yu Zhang, Wei Huo, Kunpeng Jian, Ji Shi, Haoliang Lu, Longquan Liu, Chen Wang, and Dandan Sun, Chao Zhang, Baoxu Liu
In the 35th Annual Computer Security Applications Conference (ACSAC’19) - Fuzzing IPC with Knowledge Inference
Kun Yang, Hanqing Zhao, Chao Zhang*, Jianwei Zhuge and Haixin Duan
In the 38th International Symposium on Reliable Distributed Systems (SRDS’19) - MOPT: Optimized Mutation Scheduling for Fuzzers
Chenyang Lyu, Shouling Ji*, Chao Zhang*, Yuwei Li, Wei-Han Lee, Yu Song, Raheem Beyah
In the 28th USENIX Security Symposium (Sec’19), Santa Clara, CA, Aug 2019 - Revery: from Proof-of-Concept to Exploitable (One Step towards Automatic Exploit Generation)
Yan Wang, Chao Zhang*, Xiaobo Xiang, Zixuan Zhao, Wenjie Li, Xiaorui Gong*, Bingchang Liu, Kaixiang Chen, Wei Zou
In the ACM Conference on Computer and Communications Security (CCS’18), Toronto, Canada, Oct 2018 - Abusing CDNs for Fun and Profit: Security Issues in CDNs’ Origin Validation
Run Guo, Jianjun Chen, Baojun Liu, Jia Zhang*, Chao Zhang*, Haixin Duan, Tao Wan, Jian Jiang, Shuang Hao, Yaoqi Jia
In 37th IEEE International Symposium on Reliable Distributed Systems (SRDS 2018), Bahia, Brazil, Oct 2018 - αDiff: Cross-Version Binary Code Similarity Detection with DNN
Bingchang Liu, Wei Huo*, Chao Zhang*, Wenchao Li, Feng Li, Aihua Piao, Wei Zou
In IEEE/ACM Automated Software Engineering (ASE’18), Montpellier, France, Sep 2018 ICUFuzzer: Fuzzing ICU Library for Exploitable Bugs in Multiple Software
Kun Yang, Yuan Deng, Chao Zhang, Jianwei Zhuge and Haixin Duan
In Information Security Conference (ISC’18), London, UK, Sep 2018CollAFL: Path Sensitive Fuzzing
Shuitao Gan, Chao Zhang*, Xiaojun Qin, Xuwen Tu, Kang Li, Zhongyu Pei, Zuoning Chen
In IEEE Security & Privacy 2018 (IEEE S&P’18), San Francisco, CA, May 2018- Towards Efficient Heap Overflow Discovery
Xiangkun Jia, Chao Zhang*, Purui Su*, Yi Yang, Huafeng Huang, Dengguo Feng
In the 26th {USENIX} Security Symposium (Sec’17), Vancouver, BC, Aug 2017 - VTrust: Regaining Trust on Virtual Calls
Chao Zhang, Scott A. Carr, Tongxin Li, Yu Ding, Chengyu Song, Mathias Payer, Dawn Song
In the Network and Distributed System Security Symposium (NDSS’16), San Diego, CA, Feb 2016 - VTint: Protecting Virtual Function Tables’ Integrity
Chao Zhang, Chengyu Song, Kevin Zhijie Chen, Zhaofeng Chen, Dawn Song
In the Network and Distributed System Security Symposium (NDSS’15), San Diego, CA, Feb 2015 - Exploiting and Protecting Dynamic Code Generation
Chengyu Song, Chao Zhang, Tielei Wang, Wenke Lee, David Melski
In the Network and Distributed System Security Symposium (NDSS’15), San Diego, CA, Feb 2015 JITScope: Protecting Web Users from Control-Flow Hijacking Attacks
Chao Zhang, Mehrdad Niknami, Kevin Zhijie Chen, Chengyu Song, Zhaofeng Chen, Dawn Song
In the 34th Annual IEEE International Conference on Computer Communications (INFOCOM’15), Hong Kong, China, April 2015- The Store-and-Flood Distributed Reflective Denial of Service Attack
Bingshuang Liu, Skyler Berg, Jun Li, Tao Wei, Chao Zhang, Xinhui Han
In the 23rd International Conference on Computer Communications and Networks (ICCCN‘14), Shanghai, China, Aug 2014 Android Low Entropy Demystified
Yu Ding, Zhuo Peng, Yuanyuan Zhou, Chao Zhang
In IEEE International Conference on Communications (ICC’14), Sydney, Australia, June 2014- Splider: A Split-based Crawler of the BT-DHT Network and its Applications
Bingshuang Liu, Shidong Wu, Tao Wei, Chao Zhang, Jun Li, Jianyu Zhang, Yu Chen, Chen Li
In the 11th Annual IEEE Consumer Communications & Networking Conference (CCNC’14), Las Vegas, Nevada, Jan 2014 - Practical Control Flow Integrity & Randomization for Binary Executables
Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Laszlo Szekeres, Stephen McCamant, Dawn Song, Wei Zou.
In the 34th IEEE Symposium on Security & Privacy (IEEE S&P’13), San Francisco, CA, May 2013. Protecting Function Pointers in Binary
Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Stephen McCamant, Laszlo Szekeres.
In the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS’13), Hangzhou, China, May 2013.- A Framework to Eliminate Backdoors from Response Computable Authentication
Shuaifu Dai, Tao Wei, Chao Zhang, Tielei Wang, Yu Ding, Wei Zou, Zhenkai Liang.
In the 33rd IEEE Symposium on Security and Privacy (IEEE S&P’12), San Francisco, CA, May 2012. - IntPatch: Automatically Fix Integer-Overflow-to-Buffer-Overflow Vulnerability at Compile-Time
Chao Zhang, Tielei Wang, Tao Wei, Yu Chen, Wei Zou.
In the 15th European Symposium on Research in Computer Security (ESORICS’10), Athens, Greece, Sep. 2010.
期刊论文
llasm: Naming Functions in Binaries by Fusing Encoder-only and Decoder-only LLMs
Zihan Sha, Hao Wang, Zeyu Gao, Hui Shu, Bolun Zhang, Ziqing Wang, Chao Zhang*
Accepted by ACM Transactions on Software Engineering and Methodology (TOSEM), 2024ROLoad-PMP: Securing Sensitive Operations for Kernels and Bare-Metal Firmware
Wende Tan, Chenyang Li, Yangyu Chen, Yuan Li, Chao Zhang*, Jianping Wu
Accepted by Transactions on Compuerts (TC), 2024Graphuzz: Data-driven Seed Scheduling for Coverage-guided Greybox Fuzzing
Hang Xu, Liheng Chen, Shuitao Gan, Chao Zhang*, Zheming Li, Jiangan Ji, Baojian Chen, Fan Hu
Accepted by ACM Transactions on Software Engineering and Methodology (TOSEM), 2024KextFuzz: A Practical Fuzzer for macOS Kernel EXTensions on Apple Silicon
Tingting Yin, Zicong Gao, Zhenghang Xiao, Zheyu Ma, Min Zheng, Chao Zhang*
Accepted by Transactions on Dependable and Secure Computing (TDSC), 2023- NSFuzz: Towards Efficient and State-Aware Network Service Fuzzing
Shisong Qin, Fan Hu, Zheyu Ma, Bodong Zhao, Tingting Yin, Chao Zhang*
Accepted by ACM Transactions on Software Engineering and Methodology (TOSEM), 2023 - Tunter: Assessing Exploitability of Vulnerabilities with Taint-Guided Exploitable States Exploration
Ruipeng Wang, Kaixiang Chen, Zulie Pan, Yuwei Li, Qianyu Li, Yang Li, Min Zhang, Chao Zhang
Computers & Security (COSE), 2023, 124: 102995 - TAICHI: Transform Your Secret Exploits Into Mine From a Victim’s Perspective
Zhongyu Pei, Xingman Chen, Songtao Yang, Haixin Duan, Chao Zhang*
Accepted by Transactions on Dependable and Secure Computing (TDSC), 2022 - Automatic Generation of Adversarial Readable Chinese Texts
Mingxuan Liu, Zihan Zhang, Chao Zhang*, Zhou Li, Qi Li, Haixin Duan*, Donghong Sun
In Transactions on Dependable and Secure Computing (TDSC), 20(2): 1756-1770 (2023) - BATscope:比特币恶意地址及混币交易识别
王大宇,殷婷婷,李赟,秦嗣量,任歆,罗夏朴,王浩宇,尹霞,张超*
Accepted by 信息安全学报 - CAMFuzz: Explainable Fuzzing with Local Interpretation
Ji Shi, Wei Zou, Chao Zhang*, Lingxiao Tan, Yanyan Zou, Yue Peng, Wei Huo
Cybersecurity 5, 17 (2022) - (EOLeak)面向缓解机制评估的自动化信息泄漏方法
杨松涛,陈凯翔,王准,张超*
软件学报, 2022, 33(6):0 - Path Sensitive Fuzzing for Native Applications
Shuitao Gan, Chao Zhang*, Xiaojun Qin, Xuwen Tu, Kang Li, Zhongyu Pei, and Zuoning Chen
In Transactions on Dependable and Secure Computing (TDSC), vol. 19, no. 3, pp. 1544-1561, 1 May-June 2022 - Windows平台恶意软件智能检测综述
汪嘉来, 张超*, 戚旭衍, 荣易.
计算机研究与发展, 2021, 58(5): 977-994 - ESRFuzzer: An Enhanced Fuzzing Framework for Physical SOHO Router Devices to Discover Multi-Type Vulnerabilities
Yu Zhang, Wei Huo, Kunpeng Jian, Ji Shi, Longquan Liu, Yanyan Zou*, Chao Zhang, Baoxu Liu.
Cybersecur, 4, 24 (2021) - 智能合约安全漏洞研究综述
倪远东, 张超*, 殷婷婷
信息安全学报, 2020, 5(3): 78-99 程序逆向分析在软件供应链污染检测中的应用:研究综述
武振华,张超*,孙贺,颜学雄
计算机应用, 2020 40(1): 103-115- From Proof-of-Concept to Exploitable (One Step towards Automatic Exploitability Assessment)
Wang, Yan, Wei Wu, Chao Zhang, Xinyu Xing, Xiaorui Gong*, and Wei Zou.
Cybersecurity, 2, 12 (2019) - 程序分析研究进展
张健,张超,玄跻峰,熊英飞,王千祥,梁彬,李炼,窦文生,陈振邦,陈立前,蔡彦
软件学报,2019,30(1):0 - Fuzzing: a survey
Jun Li, Bodong Zhao, Chao Zhang*
Cybersecurity, 2018 1(1) - Glibc 堆利用的若干方法
裴中煜, 张超*, 段海新
信息安全学报, 2018, 3(1): 1-15 - 二进制程序中的use-after-free漏洞检测技术
韩心慧, 魏爽, 叶佳奕, 张超, 叶志远
清华大学学报(自然科学版), 2017, 57(10): 1022-1029 - 基于敏感字符的 SQL注入攻击防御方法
张慧琳, 丁羽, 张利华, 段镭, 张超, 韦韬, 李冠成, 韩心慧
计算机研究与发展,2016, 53(10): 2262-2276 - Accurate and Efficient Exploit Capture and Classification
Yu Ding, Tao Wei, Hui Xue, Yulong Zhang, Chao Zhang, Xinhui Han
In SCIENCE CHINA Information Sciences (SCIS), 2017 60 052110:3 - SF-DRDoS: The store-and-flood distributed reflective denial of service attack
Bingshuang Liu, Jun Li, Tao Wei, Skyler Berg, Jiayi Ye, Chen Li, Chao Zhang, Jianyu Zhang, Xinhui Han
In Computer Communications, 2015, 69: 107-115 - Improving lookup reliability in Kad
Bingshuang Liu, Tao Wei, Chao Zhang, Jun Li, Jianyu Zhang
In Peer-to-Peer Networking and Applications (PPNA), 2015, 8(1) - Using Type Analysis in Compiler to Eliminate Integer-Overflow-to-Buffer-Overflow Threat.
Chao Zhang, Wei Zou, Tielei Wang, Yu Chen, Tao Wei.
In Journal of Computer Security (JCS), Vol. 19, No. 6, Dec. 2011
Resources
- CCF Conference Deadlines
- Security and Privacy Conference Deadlines
- Computer Security Conference Ranking and Statistic
- Statistics of Top 4 System Security Conferences
- Top Authors in Top4 Conferences
- Networking Conferences Statistics
- Compiler Conferences and Workshops
- Operating Systems Conferences
- Recommended network/information security conferences/journals by CCF (Chinese)