Network and Information Security Lab @ Tsinghua University

A research team focusing on cyber security at Tsinghua University.
A playground for fun hacking and fundamental research.
Base of the CTF teams Blue-Lotus and RedBud.

News

Feb 2023 - Our paper Temporal CDN-Convex Lens: A CDN-Assisted Practical Pulsing DDoS Attack was accepted by USENIX Security 2023.

Feb 2023 - Our paper DDRace: Finding Concurrency UAF Vulnerabilities in Linux Drivers with Directed Fuzzing was accepted by USENIX Security 2023.

Feb 2023 - Our paper MTSan: A Feasible and Practical Memory Sanitizer for Fuzzing COTS Binaries was accepted by USENIX Security 2023.

Jan 2023 - Our paper KextFuzz: Fuzzing macOS Kernel EXTensions on Apple Silicon via Exploiting Mitigations was accepted by USENIX Security 2023.

Jan 2023 - Our paper Aegis: Mitigating Targeted Bit-flip Attacks against Deep Neural Networks was accepted by USENIX Security 2023.

Dec 2022 - Our paper Callee: Recovering Call Graphs for Binaries with Transfer and Contrastive Learning was accepted by IEEE S&P 2023.

Sep 2022 - Our paper AIFORE: Smart Fuzzing Based on Automatic Input Format Reverse Engineering was accepted by USENIX Security 2023.

Aug 2022 - Our paper PACMem: Enforcing Spatial and Temporal Memory Safety via ARM Pointer Authentication was accepted by ACM CCS 2022.

Aug 2022 - Our paper Evocatio: Conjuring Bug Capabilities from a Single PoC was accepted by ACM CCS 2022.

Aug 2022 - Our paper HTFuzz: Heap Operation Sequence Sensitive Fuzzing was accepted by ASE 2022.

June 2022 - Our paper StateFuzz: System Call-Based State-Aware Linux Driver Fuzzing was accepted by USENIX Security 2022.

June 2022 - Our paper AutoDA: Automated Decision-based Iterative Adversarial Attacks was accepted by USENIX Security 2022.

May 2022 - Our paper jTrans: Jump-Aware Transformer for Binary Code Similarity Detection was accepted by ISSTA 2022.

May 2022 - Our paper BET: Black-box Efficient Testing for Convolutional Neural Networks was accepted by ISSTA 2022.

May 2022 - Our paper PrIntFuzz: Fuzzing Linux Drivers via Automated Virtual Device Simulation was accepted by ISSTA 2022.

May 2022 - Our paper NCScope: Hardware-Assisted Analyzer for Native Code in Android Apps was accepted by ISSTA 2022.

More......

Web Security

Cookie Integrity...

Network Security

Protocol security analysis and design, HTTPS, SDN, 5G, IPv6.
Link...

System Security

BlockChain Security, IoT Security, ICS Security

Software Security

Vulnerability analysis, discovery, exploit and mitigation. Malware analysis.

Data-driven Security

Intrusion detection, underground economy analysis.

AI Security

AI for security, and Secure AI.

Announcement

Looking for highly motivated students, postdoc, and research assistants.

Faculty positions are available as well.

Read more ...