Yu Jiang Ph.D

Associate Professor

School of Software,  Tsinghua University,  China

Software System Security Assurance Group

Email: jy1989@mail.tsinghua.edu.cn

Address: 11-319, East-Main Building, Tsinghua

Group Website: www.wingtecher.com

Our works and tools have discovered 500+ bugs in widely used system software such as Safari, Linux Kernel, PostgreSQL, and MySql, with more than 200+ registered as CVEs at the US National Vulnerabilities Database. Details of the bug list and CVE list can be referred to  http://www.wingtecher.com/bugs/cve.


I am an associate professor in the school of software, Tsinghua University, Beijing, China. I received the BS degree in software engineering from the Beijing University of Post and Telecommunication, China, in 2010.6. I got my Ph.D. degree in computer science under the supervision of Prof. Jiaguang Sun from  Tsinghua University in 2015.1. I worked with Prof. Lui Sha as a Postdoc at the University of Illinois at Urbana-Champaign, IL, USA,  between 2015.03--2016.08. I joined the school of software at Tsinghua University, as an assistant professor, between 2016.09--2019.11. 


Safety assured formal model-driven design of CPS 

Aiming at the heterogeneous challenges of CPS, such as asynchronous and synchronous behaviors, a formal model-driven design method is proposed, which realizes the construction of heterogeneous CPS models and code generation algorithms. This method reduces the difficulty of CPS software coding and improves the correctness of the design process. We apply the approach in the design of vehicle bus controllers, and the design of the medical cyber-physical system.

Security of embedded software

For the security issues of embedded software,  a learning-based vulnerability search and fuzzing of cross-platform embedded firmware of IoT devices are proposed. Those methods reduce the difficulty of embedded software analysis and improve the correctness and effectiveness of vulnerability detection and defense methods. 

Validation of basic software via cross-layer fuzzing

How to ensure the security of basic software systems has become a critical challenge. A defect detection and verification method for cross-layer software stack is proposed, where c/c++ applications, communication protocols, database, and operating system kernel are supported by our current fuzzing work. The approach significantly improves the efficiency of software bug detection ability for different types of systems.

Selected Awards

Selected Publications (* means correspondence author)

Selected Projects

Professional Service

Editor Board :

TPC Member :

Reviewer :


Postdocs :