Chao Zhang (张超)

Tenured Associate Professor
Huawei Endowed Professor
FIT 3-209 Tsinghua University, Beijing, China 100084
chaoz # tsinghua.edu.cn
chao.zhang # pku.edu.cn
chaoz # berkeley.edu (expired)

Headline

I am looking for highly-motivated collaborators all the time.

  • Positions: postdocs, visiting scholars, research assistants, interns
  • Topics: software security, program analysis, AI security, data security
  • Read more on the contact page if you are interested.

About

Research Interests

Hack for Fun

Publications

Conferences

  1. jTrans: Jump-Aware Transformer for Binary Code Similarity Detection
    Hao Wang, Wenjie Qu, Gilad Katz, Wenyu Zhu, Zeyu Gao, Han Qiu, Jianwei Zhuge, Chao Zhang*
    To appear in the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA’22), Daejeon, South Korea, July 2022
  2. BET: Black-box Efficient Testing for Convolutional Neural Networks
    Jialai Wang, Han Qiu*, Yi Rong, Hengkai Ye, Qi Li, Zongpeng Li, Chao Zhang*.
    To appear in the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA’22), Daejeon, South Korea, July 2022
  3. PrIntFuzz: Fuzzing Linux Drivers via Automated Virtual Device Simulation
    Zheyu Ma, Bodong Zhao, Letu Ren, Zheming Li, Siqi Ma, Xiapu Luo, Chao Zhang*
    To appear in the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA’22), Daejeon, South Korea, July 2022
  4. NCScope: Hardware-Assisted Analyzer for Native Code in Android Apps
    Hao Zhou, Shuohan Wu, Xiapu Luo*, Ting Wang, Yajin Zhou, Chao Zhang, Haipeng Cai
    To appear in the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA’22), Daejeon, South Korea, July 2022
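  5. An Automated Information Leakage Method for Evaluating Mitigation Mechanisms
    Songtao Yang, Kaixiang Chen, Zhun Wang, Chao Zhang*
    In the System Software Security Forum of the China Software Conference, Xi'an, China, Dec 2022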
  6. Trade or Trick? Detecting and Characterizing Scam Tokens on Uniswap Decentralized Exchange
    Pengcheng Xia, Haoyu Wang*, Bingyu Gao, Weihang Su, Zhou Yu, Xiapu Luo, Chao Zhang, Xusheng Xiao, Guoai Xu
    To appear in ACM SIGMETRICS 2022, Mumbai, India, June 2022
  7. ROLoad: Securing Sensitive Operations with Pointee Integrity
    Wende Tan, Yuan Li, Chao Zhang*, Xingman Chen, Songtao Yang, Ying Liu, Jianping Wu
    To appear in Design Automation Conference (DAC’21), San Francisco, Dec 2021
  8. Igor: Crash Deduplication Through Root-Cause Clustering
    Zhiyuan Jiang, Xiyue Jiang, Ahmad Hazimeh, Chaojing Tang, Chao Zhang*, Mathias Payer
    In the ACM Conference on Computer and Communications Security (CCS’21), virtual, Nov 2021
  9. ZKCPlus: Optimized Fair-exchange Protocol Supporting Practical and Flexible Data Exchange
    Yun Li, Cun Ye, Yuguang Hu, Ivring Morpheus, Yu Guo, Chao Zhang*, Yupeng Zhang, Zhipeng Sun, Yiwen Lu, Haodi Wang
    In the ACM Conference on Computer and Communications Security (CCS’21), virtual, Nov 2021
  10. VScape: Assessing and Escaping Virtual Call Protections
    Kaixiang Chen, Chao Zhang*, Tingting Yin, Xingman Chen, Lei Zhao
    In USENIX Security (Sec’21), virtual, Aug 2021
  11. MAZE: Towards Automated Heap Feng Shui
    Yan Wang, Chao Zhang*, Zixuan Zhao, Bolun Zhang, Xiaorui Gong, Wei Zou
    In USENIX Security (Sec’21), virtual, Aug 2021
  12. Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems
    Libo Chen, Yanhao Wang, Quanpu Cai, Yunfan Zhan, Hong Hu, Jiaqi Linghu, Qinsheng Hou, Chao Zhang, Haixin Duan, Zhi Xue
    In USENIX Security (Sec’21), virtual, Aug 2021
  13. RAProducer: Efficiently Diagnose and Reproduce Data Race Bugs for Binaries via Trace Analysis
    Ming Yuan, Yeseop Lee, Chao Zhang*, Yun Li, Yan Cai, Bodong Zhao
    In the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA’21), virtual, July 2021
  14. iDEV: Exploring and Exploiting Semantic Deviations in ARM Instruction Processing
    Shisong Qin, Chao Zhang*, Kaixiang Chen, Zheming Li
    In the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA’21), virtual, July 2021
  15. ARGUS: Assessing Unpatched Vulnerable Devices on the Internet via Efficient Firmware Recognition
    Wei Xie, Chao Zhang, Penfei Wang, Zhenhua Wang, Qiang Yang
    In the 16th ACM ASIA Conference on Computer and Communications Security (ASIACCS’21), virtual, June 2021
  16. Code is the (F)Law: Demystifying and Mitigating Blockchain Inconsistency Attacks Caused by Software Bugs
    Guorui Yu, Shibin Zhao, Chao Zhang*, Zhiniang Peng, Yuandong Ni and Xinhui Han*
    In IEEE Conference on Computer Communications (INFOCOM’21), virtual, May 2021
  17. POP and PUSH: Demystifying and Defending against (Mach) Port-Oriented Programming
    Min Zheng, Xiaolong Bai, Yajin Zhou, Chao Zhang, and Fuping Qu
    In the Network and Distributed System Security Symposium (NDSS’21), virtual, Feb 2021
  18. Finding Cracks in Shields: On the Security of Control Flow Integrity Mechanisms
    Yuan Li, Mingzhe Wang, Chao Zhang*, Xingman Chen, Songtao Yang, Ying Liu
    In the ACM Conference on Computer and Communications Security (CCS’20), virtual, Nov 2020
  19. Argot: Generating Adversarial Readable Chinese Texts
    Zihan Zhang, Mingxuan Liu, Chao Zhang*, Yiming Zhang, Zhou Li, Qi Li, Haixin Duan, Donghong Sun.
    In the 29th International Joint Conference on Artificial Intelligence (IJCAI’20), virtual, Jan 2021
  20. FANS: Fuzzing Android Native System Services via Automated Interface Analysis
    Baozheng Liu, Chao Zhang*, Guang Gong, Yishun Zeng, Haifeng Ruan, Jianwei Zhuge*.
    In the 29th USENIX Security Symposium (USENIX Security’20), virtual, Aug 2020
  21. GreyOne: Data-Flow Sensitive Fuzzing
    Shuitao Gan, Chao Zhang*, Xiaojun Qin, Peng Chen, Bodong Zhao, Zuoning Chen
    In the 29th USENIX Security Symposium (USENIX Security’20), virtual, Aug 2020
  22. A Large-Scale Empirical Study on Vulnerability Distribution within Projects and the Lessons Learned
    Bingchang Liu, Guozhu Meng*, Wei Zou, Qi Gong, Feng Li, Min Lin, Dandan Sun, Wei Huo, Chao Zhang.
    In the International Conference on Software Engineering (ICSE 2020), virtual, July 2020
  23. DRAMD: Detect Advanced DRAM-based Stealthy Communication Channels with Neural Networks
    Zhiyuan Lv, Youjian Zhao, Chao Zhang*, Haibin Li
    In the IEEE Conference on Computer Communications (IEEE INFOCOM 2020), virtual, July 2020
  24. SRFuzzer: An Automatic Fuzzing Framework for Physical SOHO Router Devices to Discover Multi-Type Vulnerabilities
    Yu Zhang, Wei Huo, Kunpeng Jian, Ji Shi, Haoliang Lu, Longquan Liu, Chen Wang, and Dandan Sun, Chao Zhang, Baoxu Liu
    In the 35th Annual Computer Security Applications Conference (ACSAC’19)
  25. Fuzzing IPC with Knowledge Inference
    Kun Yang, Hanqing Zhao, Chao Zhang*, Jianwei Zhuge and Haixin Duan
    In the 38th International Symposium on Reliable Distributed Systems (SRDS’19)
  26. MOPT: Optimized Mutation Scheduling for Fuzzers
    Chenyang Lyu, Shouling Ji*, Chao Zhang*, Yuwei Li, Wei-Han Lee, Yu Song, Raheem Beyah
    In the 28th USENIX Security Symposium (USENIX Security’19), Santa Clara, CA, Aug 2019
  27. Revery: from Proof-of-Concept to Exploitable (One Step towards Automatic Exploit Generation)
    Yan Wang, Chao Zhang*, Xiaobo Xiang, Zixuan Zhao, Wenjie Li, Xiaorui Gong*, Bingchang Liu, Kaixiang Chen, Wei Zou
    In the ACM Conference on Computer and Communications Security (CCS’18), Toronto, Canada, Oct 2018
  28. Abusing CDNs for Fun and Profit: Security Issues in CDNs’ Origin Validation
    Run Guo, Jianjun Chen, Baojun Liu, Jia Zhang*, Chao Zhang*, Haixin Duan, Tao Wan, Jian Jiang, Shuang Hao, Yaoqi Jia
    In 37th IEEE International Symposium on Reliable Distributed Systems (SRDS 2018), Bahia, Brazil, Oct 2018
  29. αDiff: Cross-Version Binary Code Similarity Detection with DNN
    Bingchang Liu, Wei Huo*, Chao Zhang*, Wenchao Li, Feng Li, Aihua Piao, Wei Zou
    In IEEE/ACM Automated Software Engineering (ASE’18), Montpellier, France, Sep 2018
  30. ICUFuzzer: Fuzzing ICU Library for Exploitable Bugs in Multiple Software
    Kun Yang, Yuan Deng, Chao Zhang, Jianwei Zhuge and Haixin Duan
    In Information Security Conference (ISC’18), London, UK, Sep 2018

  31. CollAFL: Path Sensitive Fuzzing
    Shuitao Gan, Chao Zhang*, Xiaojun Qin, Xuwen Tu, Kang Li, Zhongyu Pei, Zuoning Chen
    In IEEE Security & Privacy 2018 (IEEE S&P’18), San Francisco, CA, May 2018

  32. Towards Efficient Heap Overflow Discovery
    Xiangkun Jia, Chao Zhang*, Purui Su*, Yi Yang, Huafeng Huang, Dengguo Feng
    In the 26th USENIX Security Symposium (USENIX Security’17), Vancouver, BC, Aug 2017
  33. VTrust: Regaining Trust on Virtual Calls
    Chao Zhang, Scott A. Carr, Tongxin Li, Yu Ding, Chengyu Song, Mathias Payer, Dawn Song
    In the Network and Distributed System Security Symposium (NDSS’16), San Diego, CA, Feb 2016
  34. VTint: Protecting Virtual Function Tables’ Integrity
    Chao Zhang, Chengyu Song, Kevin Zhijie Chen, Zhaofeng Chen, Dawn Song
    In the Network and Distributed System Security Symposium (NDSS’15), San Diego, CA, Feb 2015
  35. Exploiting and Protecting Dynamic Code Generation
    Chengyu Song, Chao Zhang, Tielei Wang, Wenke Lee, David Melski
    In the Network and Distributed System Security Symposium (NDSS’15), San Diego, CA, Feb 2015
  36. JITScope: Protecting Web Users from Control-Flow Hijacking Attacks
    Chao Zhang, Mehrdad Niknami, Kevin Zhijie Chen, Chengyu Song, Zhaofeng Chen, Dawn Song
    In the 34th Annual IEEE International Conference on Computer Communications (INFOCOM’15), Hong Kong, China, April 2015

  37. The Store-and-Flood Distributed Reflective Denial of Service Attack
    Bingshuang Liu, Skyler Berg, Jun Li, Tao Wei, Chao Zhang, Xinhui Han
    In the 23rd International Conference on Computer Communications and Networks (ICCCN’14), Shanghai, China, Aug 2014
  38. Android Low Entropy Demystified
    Yu Ding, Zhuo Peng, Yuanyuan Zhou, Chao Zhang
    In IEEE International Conference on Communications (ICC’14), Sydney, Australia, June 2014

  39. Splider: A Split-based Crawler of the BT-DHT Network and its Applications
    Bingshuang Liu, Shidong Wu, Tao Wei, Chao Zhang, Jun Li, Jianyu Zhang, Yu Chen, Chen Li
    In the 11th Annual IEEE Consumer Communications & Networking Conference (CCNC’14), Las Vegas, Nevada, Jan 2014
  40. Practical Control Flow Integrity & Randomization for Binary Executables
    Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Laszlo Szekeres, Stephen McCamant, Dawn Song, Wei Zou.
    In the 34th IEEE Symposium on Security & Privacy (IEEE S&P’13), San Francisco, CA, May 2013.
  41. Protecting Function Pointers in Binary
    Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Stephen McCamant, Laszlo Szekeres.
    In the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS’13), Hangzhou, China, May 2013.

  42. A Framework to Eliminate Backdoors from Response Computable Authentication
    Shuaifu Dai, Tao Wei, Chao Zhang, Tielei Wang, Yu Ding, Wei Zou, Zhenkai Liang.
    In the 33rd IEEE Symposium on Security and Privacy (IEEE S&P’12), San Francisco, CA, May 2012.
  43. IntPatch: Automatically Fix Integer-Overflow-to-Buffer-Overflow Vulnerability at Compile-Time
    Chao Zhang, Tielei Wang, Tao Wei, Yu Chen, Wei Zou.
    In the 15th European Symposium on Research in Computer Security (ESORICS’10), Athens, Greece, Sep. 2010.

Journals

  1. Automatic Generation of Adversarial Readable Chinese Texts
    Mingxuan Liu, Zihan Zhang, Chao Zhang*, Zhou Li, Qi Li, Haixin Duan*, Donghong Sun
    Accepted by Transactions on Dependable and Secure Computing (TDSC), 2022
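  2. An Automated Information Leakage Method for Evaluating Mitigation Mechanisms
    Songtao Yang, Kaixiang Chen, Zhun Wang, Chao Zhang*
    Journal of Software, 2022, 33(6):0
  3. A Survey of Intelligent Malware Detection on the Windows Platform
    Jialai Wang, Chao Zhang*, Xuyan Qi, Yi Rong.
    Journal of Computer Research and Development, 2021, 58(5): 977-994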
  4. ESRFuzzer: An Enhanced Fuzzing Framework for Physical SOHO Router Devices to Discover Multi-Type Vulnerabilities
    Yu Zhang, Wei Huo, Kunpeng Jian, Ji Shi, Longquan Liu, Yanyan Zou*, Chao Zhang, Baoxu Liu.
    Cybersecur, 4, 24 (2021)
  5. Path Sensitive Fuzzing for Native Applications
    Shuitao Gan, Chao Zhang*, Xiaojun Qin, Xuwen Tu, Kang Li, Zhongyu Pei, and Zuoning Chen
    In Transactions on Dependable and Secure Computing (TDSC), vol. 19, no. 3, pp. 1544-1561, 1 May-June 2022.
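  6. A Survey of Research on Smart Contract Security Vulnerabilities
    Yuandong Ni, Chao Zhang*, Tingting Yin
    Journal of Cyber Security, 2020, 5(3): 78-99
  7. Applications of Program Reverse Analysis in Software Supply Chain Pollution Detection: A Survey
    Zhenhua Wu, Chao Zhang*, He Sun, Xuexiong Yan
    Journal of Computer Applications, 2020, 40(1): 103-115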

  8. From Proof-of-Concept to Exploitable (One Step towards Automatic Exploitability Assessment)
    Wang, Yan, Wei Wu, Chao Zhang, Xinyu Xing, Xiaorui Gong*, and Wei Zou.
    Cybersecurity, 2, 12 (2019)
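  9. Research Progress in Program Analysis
    Jian Zhang, Chao Zhang, Jifeng Xuan, Yingfei Xiong, Qianxiang Wang, Bin Liang, Lian Li, Wensheng Dou, Zhenbang Chen, Liqian Chen, Yan Cai
    Journal of Software, 2019, 30(1):0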
  10. Fuzzing: a survey
    Jun Li, Bodong Zhao, Chao Zhang*
    Cybersecurity, 2018 1(1)
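  11. Several Methods of Glibc Heap Exploitation
    Zhongyu Pei, Chao Zhang*, Haixin Duan
    Journal of Cyber Security, 2018, 3(1): 1-15
  12. Use-After-Free Vulnerability Detection Techniques for Binary Programs
    Xinhui Han, Shuang Wei, Jiayi Ye, Chao Zhang, Zhiyuan Ye
    Journal of Tsinghua University (Science and Technology), 2017, 57(10): 1022-1029
  13. A Sensitive-Character-Based Defense Method against SQL Injection Attacks
    Huilin Zhang, Yu Ding, Lihua Zhang, Lei Duan, Chao Zhang, Tao Wei, Guancheng Li, Xinhui Han
    Journal of Computer Research and Development, 2016, 53(10): 2262-2276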
  14. Accurate and Efficient Exploit Capture and Classification
    Yu Ding, Tao Wei, Hui Xue, Yulong Zhang, Chao Zhang, Xinhui Han
    In SCIENCE CHINA Information Sciences (SCIS), 2017 60 052110:3
  15. SF-DRDoS: The store-and-flood distributed reflective denial of service attack
    Bingshuang Liu, Jun Li, Tao Wei, Skyler Berg, Jiayi Ye, Chen Li, Chao Zhang, Jianyu Zhang, Xinhui Han
    In Computer Communications, 2015, 69: 107-115
  16. Improving lookup reliability in Kad
    Bingshuang Liu, Tao Wei, Chao Zhang, Jun Li, Jianyu Zhang
    In Peer-to-Peer Networking and Applications (PPNA), 2015, 8(1)
  17. Using Type Analysis in Compiler to Eliminate Integer-Overflow-to-Buffer-Overflow Threat.
    Chao Zhang, Wei Zou, Tielei Wang, Yu Chen, Tao Wei.
    In Journal of Computer Security (JCS), Vol. 19, No. 6, Dec. 2011

Resources