Yu Jiang Ph.D
Associate Professor
School of Software, Tsinghua University, China
Software System Security Assurance Group
Email: jy1989@mail.tsinghua.edu.cn
Address: 11-319, East-Main Building, Tsinghua
Group Website: www.wingtecher.com
Our works and tools have discovered 1000+ bugs in widely used system software such as Safari, Linux Kernel, PostgreSQL, and MySql, with more than 300+ registered as CVEs at the US National Vulnerabilities Database. Details of the bug list and CVE list can be referred to http://www.wingtecher.com/bugs/cve.
Biography
I am an associate professor in the School of Software, Tsinghua University, Beijing, China. I received a BS degree in software engineering from the Beijing University of Post and Telecommunication, China, in 2010.6. I got my Ph.D. degree in computer science under the supervision of Prof. Jiaguang Sun from Tsinghua University in 2015.1. I worked with Prof. Lui Sha as a Postdoc at the University of Illinois at Urbana-Champaign, IL, USA, between 2015.03--2016.08. I joined the School of Software at Tsinghua University, as an assistant professor, between 2016.09--2019.11.
Research
Safety assured formal model-driven design of CPS
Aiming at the heterogeneous challenges of CPS, such as asynchronous and synchronous behaviors, a formal model-driven design method is proposed, which realizes the construction of heterogeneous CPS models and code generation algorithms. This method reduces the difficulty of CPS software coding and improves the correctness of the design process. We apply the approach in the design of automatic vehicle controllers, and the design of the medical cyber-physical system.
Security of embedded software
For the security issues of embedded software, a learning-based vulnerability search and fuzzing of cross-platform embedded firmware of IoT devices are proposed. Those methods reduce the difficulty of embedded software analysis and improve the correctness and effectiveness of vulnerability detection and defense methods.
Validation of basic software via cross-layer fuzzing
How to ensure the security of basic software systems has become a critical challenge. A defect detection and verification method for cross-layer software stack is proposed, where c/c++ applications, communication protocols, database, and operating system kernel are supported by our current fuzzing work. The approach significantly improves the efficiency of software bug detection ability for different types of systems.
Selected Awards
Best Paper Nominee, ACM SIGBED International Conference on Embedded Software (EMSOFT): 2022
SIGSOFT Distinguished Paper Award, ACM SIGSOFT International Symposium on Foundation of Software Engineering (FSE):2022
Webank Scholar, Webank: 2021
Early Career Award, NSFC: 2020
DAMO Academy Young Fellow, Alibaba: 2020
Best Paper Nominee, ACM SIGBED International Conference on Embedded Software (EMSOFT): 2020
Best Paper Nominee, ACM SIGSOFT International Conference on Software Engineering- Software Engineering in Practice(ICSE-SEIP): 2020
Best Paper Nominee, ACM SIGBED International Conference on Embedded Software (EMSOFT): 2019
Young Elite Scientists Sponsorship Program, CAST (China Association for Science and Technology): 2018
Microsoft Young Rising Star Program, Microsoft Aisa: 2017
Distinguished Dissertation Award, China Computer Federation (CCF): 2015
Selected Conference Publications (* means correspondence author)
Jie Liang, Zhiyong Wu, Jingzhou Fu, Yiyuan Bai, Qiang Zhang and Yu Jiang*: "WingFuzz: Implementing Continuous Fuzzing for DBMSs". USENIX Annual Technical Conference (ATC), 2024
Mingzhe Wang, Jie Liang, Chijin Zhou, Zhiyong Wu, Jingzhou Fu, Zhuo Su, Qing Liao, Bin Gu, Bodong Wu and Yu Jiang*: "Data Coverage for Guided Fuzzing". USENIX Security Symposium (SECURITY), 2024
Jie Liang, Mingzhe Wang, Chijin Zhou, Zhiyong Wu, Jianzhong Liu and Yu Jiang*: "Dodrio: Parallelizing Taint Analysis Based Fuzzing via Redundancy-Free Scheduling".ACM SIGSOFT International Symposium on Foundation of Software Engineering. (FSE), 2024
Yuheng Shen, Jianzhong Liu, Yiru Xu, Hao Sun, Mingzhe Wang, Nan Guan, Heyuan Shiand Yu Jiang*: " Enhancing ROS System Fuzzing through Callback Tracing". ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), 2024.
Zhuo Su, Zehong Yu, Dongyan Wang, Rui Wang, Yang Tao, and Yu Jiang*: "CFTCG: Test Case Generation for Simulink Model through Code Based Fuzzing". ACM Design Automation Conference (DAC), 2024
Zehong Yu, Zhuo Su, Yu Jiang*, Aiguo Cui, and Rui Wang: "Efficient Code Generation for Data-Intensive Simulink Models via Redundancy Elimination". ACM Design Automation Conference (DAC), 2024
Yifan Cheng, Zehong Yu, Zhuo Su, Ting Chen, Xiaosong Zhang, and Yu Jiang: "AccMoS: Accelerating Model Simulation for Simulink via Code Generation". ACM Design Automation Conference (DAC), 2024
Junze Yu, Zhengxiong Luo, Fangshangyuan Xia, Yanyang Zhao, Heyuan Shi, and Yu Jiang*: "SPFuzz: Stateful Path based Parallel Fuzzing for Protocols in Autonomous Vehicles". ACM Design Automation Conference (DAC), 2024
Jianzhong Liu, Yuheng Shen, Yiru Xu, Hao Sun, Heyuan Shi, and Yu Jiang*: "Effectively Sanitizing Embedded Operating Systems". ACM Design Automation Conference (DAC), 2024
Jie Liang, Jingzhou Fu, Zhiyong Wu, Mingzhe Wang, Chengnian Sun and Yu Jiang*: "Mozi: Discovering DBMS Bugs via Configuration-Based Equivalent Transformation". ACM SIGSOFT International Conference on Software Engineering(ICSE), 2024
Yiwei Hou, Lihua Guo, Chijin Zhou, Yiwen Xu, Zijing Yin, Shanshan Li, Chengnian Sun, and Yu Jiang*: " An Empirical Study of Data Disruption by Ransomware Attacks". ACM SIGSOFT International Conference on Software Engineering(ICSE), 2024
Yuanhang Zhou, Jingxuan Sun, Fuchen Ma, Yuanliang Chen, Zhen Yan, and Yu Jiang*: "Stop Pulling my Rug: Exposing Rug Pull Risks in Crypto Token to Investors". ACM SIGSOFT International Conference on Software Engineering - Software Engineering in Practice(ICSE-SEIP), 2024
Jingzhou Fu, Jie Liang, Zhiyong Wu, and Yu Jiang*: "Sedar: Obtaining High-Quality Seeds for DBMS Fuzzing via Cross-DBMS SQL Transfer". ACM SIGSOFT International Conference on Software Engineering(ICSE), 2024
Quan Zhang, Yiwen Xu, Zijing Yin, Chijin Zhou, and Yu Jiang*: "Automatic Policy Synthesis and Enforcement for Protecting Untrusted Deserialization". Network and Distributed System Security Symposium (NDSS), 2024
Zhengxiong Luo, Kai Liang, Yanyang Zhao, Feifan Wu, Junze Yu, Heyuan Shi and Yu Jiang*: "DYNPRE: Protocol Reverse Engineering via Dynamic Inference".Network and Distributed System Security Symposium (NDSS), 2024
Yuanliang Chen, Fuchen Ma, Yuanhang Zhou, Ming Gu, Qing Liao, and Yu Jiang*: "Chronos: Finding Timeout Bugs in Practical Distributed Systems by Deep-Priority Fuzzing with Transient Delay". IEEE Security and Privacy (S&P), 2024.
Hao Sun, Yiru Xu, Jianzhong Liu, Yuheng Shen, Nan Guan, and Yu Jiang*: "Finding Correctness Bugs in eBPF Verifier with Structured and Sanitized Program". ACM European Systems Conference (EuroSys), 2024
Yiru Xu, Hao Sun, Jianzhong Liu, Yuheng Shen, Yu Jiang*: "SATURN: Host-Gadget Synergistic USB Driver Fuzzing". IEEE Security and Privacy (S&P), 2024.
Fuchen Ma, Yuanliang Chen, Yuanhang Zhou, Jingxuan Sun, Yu Jiang*, Jiaguang Sun, Huizong Li: "Phoenix: Detect and Locate Resilience Issues in Blockchain via Context-Sensitive Chaos Submission". ACM Conference on Computer and Communications Security (CCS), 2023
Yuanliang Chen, Fuchen Ma, Yuanhang Zhou, Yu Jiang*, Ting Chen, Jiaguang Sun: "Tyr: Finding Consensus Failure Bugs in Blockchain System with Behaviour Divergent Model". IEEE Security and Privacy (S&P), 2023.
Chijin Zhou, Lihua Guo, Yiwei Hou, Zhenya Ma, Quan Zhang, Mingzhe Wang, Zhe Liu, and Yu Jiang*: "Limits of I/O Based Ransomware Detection: An Imitation Based Attack". IEEE Security and Privacy (S&P), 2023.
Zhuo Su, Zehong Yu, Dongyan Wang, Yixiao Yang, Rui Wang, Wanli Chang, Aiguo Cui and Yu Jiang*: "STCG: State-Aware Test Case Generation for Simulink Models". ACM Design Automation Conference (DAC), 2023
Mingrui Zhang, Chijin Zhou, Jianzhong Liu, Mingzhe Wang, Jie Liang, Juan Zhu, Yu Jiang*: "DAISY: Effective Fuzz Driver Synthesis with Object Usage Sequence Analysis". ACM International Conference on Software Engineering (ICSE-SEIP) 2023
Fuchen Ma, Yuanliang Chen, Meng Ren, Yuanhang Zhou, Yu Jiang*, Ting Chen, Huizong Li, Jiaguang Sun: "LOKI: State-Aware Fuzzing Framework for the Implementation of Blockchain Consensus Protocols". Network and Distributed System Security Symposium (NDSS), 2023
Zhengxiong Luo, Junze Yu, Feilong Zuo, Jianzhong Liu, Yu Jiang*, Ting Chen, Abhik Roychoudhury, Jiaguang Sun: "Bleem: Packet Sequence Oriented Fuzzing for Protocol Implementations". USENIX Security Symposium (SECURITY), 2023
Quan Zhang, Chijin Zhou, Yiwen Xu, Zijing Ying, Mingzhe Wang, Zhuo Su, Chengnian Sun, Yu Jiang*, Jiaguang Sun: "Building Dynamic System Call Sandbox With Partial Order Analysis". ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), 2023
Chijin Zhou, Quan Zhang, Lihua Guo, Mingzhe Wang, Yu Jiang*, Qing Liao, Zhiyong Wu, Shanshan Li, Bin Gu: "Towards Better Semantics Exploration for Browser Fuzzing". ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), 2023
Zhenyang Xu, Yongqiang Tian, Mengxiao Zhang, Gaosen Zhao, Yu Jiang, Chengnian Sun: "Pushing the Limit of 1-Minimality of Language-Agnostic Program Reduction". ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), 2023
Jie Liang, Yaoguang Chen, Zhiyong Wu, Jingzhou Fu, Mingzhe Wang, Yu Jiang*, Xiangdong Huang, Ting Chen, Jiashui Wang, Jiajia Li: "Sequence-Oriented DBMS Fuzzing". IEEE International Conference on Data Engineering (ICDE), 2023
Jingzhou Fu, Jie Liang, Zhiyong Wu, Mingzhe Wang and Yu Jiang*:" Griffin: Grammar-Free DBMS Fuzzing ". ACM SIGSOFT International Conference on Automated Software Engineering (ASE), 2022
Zijing Yin, Yiwen Xu, Chijin Zhou, Jianzhong Liu and Yu Jiang*:" Empirical Study of System Resources Abused by IoT Attackers". ACM SIGSOFT International Conference on Automated Software Engineering (ASE), 2022
Feilong Zuo, Zhengxiong Luo, Junze Yu, Aiguo Cui, Ting Chen and Yu Jiang*: "Vulnerability Detection of ICS Protocols Via Cross-State Fuzzing". ACM SIGBED International Conference on Embedded Software(EMSOFT,Best Paper Candidate), 2022
Yiwen Xu, Zijing Yin, Yiwei Hou, Jianzhong Liu, and Yu Jiang*: "Midas: Safeguarding IoT Devices Against Malware via Real-Time Behavior Auditing". ACM SIGBED International Conference on Embedded Software(EMSOFT), 2022
Yuheng Shen, Yiru Xu, Hao Sun, Jianzhong Liu, Heyuan Shi, Aiguo Cui and Yu Jiang*: "Tardis: Embedded Operating System Fuzz Testing with Coverage Guidance". ACM SIGBED International Conference on Embedded Software(EMSOFT), 2022
Zehong Yu, Zhuo Su, Yixiao Yang, Jie Liang, Aiguo Cui, Yu Jiang*, Wanli Chang and Rui Wang: "Mercury: Instruction Pipeline Aware Code Generation for Simulink Models". ACM SIGBED International Conference on Embedded Software(EMSOFT), 2022.
Hao Sun, Yuheng Shen, Yiru Xu, Jianzhong Liu, Yu Jiang*: "KSG: Augmenting Kernel Fuzzing with System Call Specification Generation". USENIX Annual Technical Conference (ATC), 2022
Zhiyong Wu, Jie Liang, Mingzhe Wang, Chijin Zhou, Yu Jiang*: "Unicorn: Detect Runtime Error in Time-Series Databases With Hybrid Input Synthesis". ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), South Korea, 2022
Chijin Zhou, Quan Zhang, Mingzhe Wang, Lihua Guo, Jie Liang, Zhe Liu, Mathias Payer, Yu Jiang*: "Minerva: Browser API Fuzzing with Dynamic Mod-Ref Analysis."In ACM SIGSOFT International Symposium on Foundation of Software Engineering. (FSE, SIGSOFT Distinguished Paper Award), 2022
Mingzhe Wang, Jie Liang, Chijin Zhou, Zhiyong Wu, Yu Jiang*: "ODIN: On-Demand Instrumentation with On-the-Fly Recompilation". ACM Programming Language Design and Implementation (PLDI), California, 2022.
Jie Liang, Mingzhe Wang, Chijin Zhou, Zhiyong Wu, Yu Jiang*, Jianzhong Liu, Zhe Liu, Jiaguang Sun: "PATA: Fuzzing with Path Aware Taint Analysis". IEEE Security and Privacy (S&P), 2022.
Zhuo Su, Zehong Yu, Dongyan Wang, Yixiao Yang, Yu Jiang*, Rui Wang, Wanli Chang and Jiaguang Sun: "HCG: Optimizing Embedded Code Generation of Simulink with SIMD Instruction Synthesis". ACM Design Automation Conference (DAC), San Francisco, CA, 2022.
Hao Sun, Yuheng Shen, Cong Wang, Jianzhong Liu, Yu Jiang*, Ting Chen, Aiguo Cui: "HEALER: Relation Learning Guided Kernel Fuzzing". ACM Symposium on Operating Systems Principles (SOSP), 2021
Mingzhe Wang, Jie Liang, Chijin Zhou, Yu Jiang, Rui Wang, Chengnian Sun, Jiaguang Sun: "RIFF: Reduced Instruction Footprint for Coverage-Guided Fuzzing". USENIX Annual Technical Conference (ATC), Madrid, 2021.
Yuheng Shen, Hao Sun, Yixiao Yang, Yu Jiang, Wanli Chang, Heyuan Shi: "Rtkaller: State-aware Task Generation for RTOS Fuzzing". ACM SIGBED International Conference on Embedded Software(EMSOFT), 2021.
Meng Ren, Zijing Yin, Fuchen Ma, Zhenyang Xu, Yu Jiang*, Chengnian Sun, Huizhong Li, Yan Cai: "Empirical Evaluation of Smart Contract Testing: What is the Best Choice?". ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Denmark, 2021.
Quan Zhang, Yifeng Ding, Yongqiang Tian, Jianmin Guo, Min Yuan, Yu Jiang*: "AdvDoor: Adversarial Backdoor Attack of Deep Learning System". ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Denmark, 2021.
Feilong Zuo, Zhengxiong Luo, Junze Yu, Yu Jiang: "PAVFuzz: State-Sensitive Fuzz Testing of Protocols in Autonomous Vehicles". ACM Design Automation Conference (DAC), San Francisco, CA, 2021.
Dongning Ma, Jianmin Guo, Yu Jiang, Xun Jiao: "HDTest: Differential Fuzz Testing of Brain-Inspired Hyperdimensional Computing". ACM Design Automation Conference (DAC), San Francisco, CA, 2021.
Mingzhe Wang, Zhiyong Wu, Xinyi Xu, Jie Liang, Chijin Zhou, Huafeng Zhang, and Yu Jiang*: "Industry Practice of Coverage-Guided Enterprise-Level DBMS Fuzzing". ACM SIGSOFT International Conference on Software Engineering - Software Engineering in Practice(ICSE-SEIP), Madrid, 2021.
Mingrui Zhang, Jianzhong Liu, Fuchen Ma, Huafeng Zhang, and Yu Jiang*: "IntelliGen: Automatic Driver Synthesis for Fuzz Testing". ACM SIGSOFT International Conference on Software Engineering - Software Engineering in Practice(ICSE-SEIP), Madrid, 2021.
Jian Gao, Yiwen Xu, Yu Jiang*, Zhe Liu, Xun Jiao, Wanli Chang, and JIaguang Sun:" EM-Fuzz: Augmented Firmware Fuzzing via Memory Checking". ACM SIGBED International Conference on Embedded Software(EMSOFT, Best Paper Candidate), China, 2020.
Chitin Zhou, Mingzhe Wang, Jie Liang, and Yu Jiang*:" Zeror: Speed Up Fuzzing with Coverage-sensitive Tracing and Scheduling". ACM SIGSOFT International Conference on Automated Software Engineering(ASE), Australia, 2020.
Zhengxiong Luo, Feilong Zuo, Yuheng Shen, Xun Jiao, Wanli Chang, and Yu Jiang*: "ICS Protocol Fuzzing: Coverage Guided Packet Crack and Generation".ACM Design Automation Conference(DAC), USA, 2020.
Xun Jiao, Dongning Ma, Wanli Chang, and Yu Jiang: "TEVoT: Timing Error Modeling of Functional Units under Dynamic Voltage and Temperature Variations".ACM Design Automation Conference(DAC), USA, 2020.
Cong Wang, Mingrui Zhang, Yu Jiang*, Huafeng Zhang, Zhenchang Xing, and Ming Gu: "Escape from Escape Analysis of Golang". ACM SIGSOFT International Conference on Software Engineering - Software Engineering in Practice(ICSE-SEIP, Best Paper Candidate), Korea, 2020.
Zhengxiong Luo, Feilong Zuo, Yu Jiang*, Jian Gao, Xun Jiao, and Jiaguang Sun: "Polar: Function Code Aware Fuzz Testing of ICS Protocol". ACM SIGBED International Conference on Embedded Software(EMSOFT, Best Paper Candidate), USA, 2019.
Yuanliang Chen, Yu Jiang*, Fuchen Ma, Jie Liang, Mingzhe Wang, Chijin Zhou, Xun Jiao, and Zuo Su:" EnFuzz: Ensemble Fuzzing with Seed Synchronization among Diverse Fuzzers".USENIX Security Symposium (SECURITY), USA, 2019
Andrew Y.-Z. Ou, Maryam Rahmaniheris, Yu Jiang, Po-Liang Wu, and Lui Sha: "Toward Safe Interoperation in Network Connected Medical CPS Using Open-Loop Safe Protocol", ACM/IEEE 36th International Conference on Computer-Aided Design(ICCAD), USA, 2017.
Yu Jiang, Mingzhe Wang, Han Liu, Mohammad Hosseini, and Jiaguang Sun: "Dependable Integrated Clinical System Architecture with Runtime Verification", ACM/IEEE 36th International Conference on Computer-Aided Design(ICCAD), USA, 2017.
Han Liu, Chengnian Sun, Zhengdong Su, Yu Jiang*, Ming Gu, and Jiaguang Sun: "Stochastic Optimization of Program Obfuscation", ACM/IEEE 39th International Conference on Software Engineering (ICSE), Argentina, 2017.
Yu Jiang, Han Liu, Hui Kong, Rui Wang, Mohammad Hosseini, Jiaguang Sun and Lui Sha: "Use Runtime Verification to Improve the Quality of Medical Care Practice", ACM/IEEE 38th International Conference on Software Engineering (ICSE-SEIP): 112-122, USA, 2016.
Yu Jiang, Yixiao Yang, Han Liu, Hui Kong, Ming Gu, Jiaguang Sun, and Lui Sha: "From Stateflow Simulation to Verified Implementation: A Verification Approach and A Real-Time Train Controller Design".ACM/IEEE 22nd Real-Time Technology and Applications Symposium (RTAS): 231-241, Austria, 2016.
Selected Journal Publications (* means correspondence author)
Yuanhang Zhou, Fuchen Ma, Yuanliang Chen, Meng Ren, and Yu Jiang*: "CLFuzz: Vulnerability Detection of Cryptographic Algorithm Implementation via Semantic-Aware Fuzzing". ACM Transactions on Software Engineering and Methodology (TOSEM), 2023.
Jianzhong Liu, Yuheng Shen, Yiru Xu, Hao Sun, Yu Jiang*: "Horus: Accelerating Kernel Fuzzing Through Efficient Host-VM Memory Access Procedures". ACM Transactions on Software Engineering and Methodology (TOSEM), 2023.
Yongqiang Tian, Wuqi Zhang, Ming Wen, Shing-Chi Cheung, Chengnian Sun, Shiqing Ma, Yu Jiang: "Finding Deviated Behaviors of Compressed DNN Models for Image Classifications". ACM Transactions on Software Engineering and Methodology (TOSEM), 2023.
Fuchen Ma, Meng Ren, Lerong Ouyang, Yuanliang Chen, Juan Zhu, Ting Chen, Xiao Dai, Yu Jiang, Jiaguang Sun: “Pied-Piper: Revealing the Backdoor Threats in Ethereum ERC Token Contracts”. ACM Transactions on Software Engineering and Methodology (TOSEM), 2022.
Zijing Yin, Yiwen Xu, Fuchen Ma, Haohao Gao, Lei Qiao, Yu Jiang*: "Scanner++: Enhanced Vulnerability Detection of Web Applications with Attack Intent Synchronization". ACM Transactions on Software Engineering and Methodology (TOSEM), 2022.
Zhuo Su, Dongyan Wang, Zehong Yu, Yixiao Yang, Yu Jiang*, Rui Wang, Wanli Chang, Wen Li, Aiguo Cui and Jiaguang Sun:“PHCG: Optimizing Simulink Code Generation for Embedded System with SIMD Instructions”. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD), 2022.
Fuchen Ma, Zhenyang Xu, Meng Ren, Zijing Yin, Yuanliang Chen, Lei Qiao, Bin Gu, Huizhong Li, Yu Jiang* and Jiaguang Sun:” Pluto: Exposing Vulnerabilities in Inter-Contract Scenarios”. IEEE Transactions on Software Engineering (TSE), 2021.
Jianmin Guo, Quan Zhang, Yue Zhao, Heyuan Shi, Yu Jiang, and Jiaguang Sun:” RNN-Test: Towards Adversarial Testing for Recurrent Neural Network Systems”. IEEE Transactions on Software Engineering (TSE), 2021.
Zhuo Su, Dongyan Wang, Yixiao Yang, Yu Jiang*, Wanli Chang, Liming Fang, Wen Li, and Jiaguang Sun: "Code Synthesis for Dataflow Based Embedded Software Design". IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD), 2021.
Zhuo Su, Dongyan Wang, Yixiao Yang, Zhehong Yu, Wanli Chang, Wen Li, Aiguo Cui, Yu Jiang*, and Jiaguang Sun: "MDD: A Unified Model-Driven Design Framework for Embedded Control Software". IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD), 2021.
Jie Liang, Yu Jiang*, Mingzhe Wang, Xun Jiao, Yuanliang Chen, Housing Song, Kim-Kwang Raymond Choo: DeepFuzzer: Accelerated Deep Greybox Fuzzing IEEE Transactions on dependable and secure computing (TDSC), 2019.
Jian Gao, Xin Yang, Yu Jiang, and Jiaguang Sun:" Semantic Learning-Based Cross-Platform Binary Vulnerability Search For IoT Devices ".IEEE Transactions on Industry Informatics (TII), 2019.
Yu Jiang, Houbing Song, Rui Wang, Ming Gu, Jiaguang Sun, and Lui Sha. Data-centered Runtime Verification of Wireless Medical Cyber-physical System. IEEE Transactions on Industry Informatics (TII), 2016.
Yu Jiang, Hehua Zhang, Huafeng Zhang, Han Liu, and Jiaguang Sun. Design of Mixed Synchronous/Asynchronous Systems with Multiple Clocks. IEEE Transactions on Parallel and Distributed Systems (TPDS), 2015.
Yu Jiang, Hehua Zhang, Zonghui Li, Ming Gu, and Jiaguang Sun. Design and Optimization of Multi-clocked Embedded Systems using Formal Techniques. IEEE Transactions on Industrial Electronics (TIE), 2015.
Yu Jiang, Hehua Zhang, Xiaoyu Song, Xun Jiao, William N. N. Hung, and Jiaguang Sun. Bayesian Network-Based Reliability Analysis of PLC Systems. IEEE Transactions on Industrial Electronics (TIE),2013.
Selected Projects
Security Testing of AI Software Stack (sole-PI-200,000 USD, 2023): The project mainly focuses on using fuzzing techniques to detect the bugs and vulnerabilities of the AI software stack, including the model, compiler, and library.
Fuzz Testing of Simulink Models (sole-PI-100,000 USD, Huawei: 2023): The project mainly focuses on using an SMT solver and search-based technique to improve the input generation for Simulink Models.
Security Testing of ICS protocols (PI-2,700,000 USD, Ministry of Science and Technology: 2023): The project mainly focuses on using machine learning to reverse the input format of ICS protocols, and apply fuzzing techniques to discover the previously unknown vulnerabilities of implementations.
Security Testing of Intelligent Manufacturing Software Stack (sole-PI-125,000 USD, NSFC:2022): The project mainly focuses on using fuzzing techniques to detect the bugs and vulnerabilities of the intelligent manufacturing software stack, including the platform, protocol, and firmware.
Kernel Fuzzing (sole-PI-300,000 USD, UnionTech:2021): The project mainly focuses on using relation learning and task synthesis to guide the syscall sequence generation and detect the logic or implementation vulnerability of the Linux kernel.
Consensus Protocol Fuzzing (sole-PI-150,000 USD, Webank:2021): The project mainly focuses on using predefined message mutation and on-chain status-aware packet generation to detect the logic or implementation vulnerability of consensus protocol in blockchain platforms.
Fuzzing Parallelizing and Ensembling (sole-PI-300,000 USD:2021): The project mainly focuses on using seed synchronization to achieve collaborative fuzzing of multiple fuzzers and using task dividing to improve the effectiveness of parallel mode of fuzzing.
Automatic Driver Synthesis for Fuzzing (sole-PI-120,000 USD, Huawei:2020): The project mainly focuses on fuzz driver synthesis with pointer analysis and type inference, to elevate the intensive labor of writing drivers to start fuzzing manually.
Coverage Guided Testing of Database System (sole-PI-77,000 USD, Alibaba:2020): The project mainly focuses on using dynamic analysis techniques to detect database management systems' performance and security issues.
Quality Assurance of Industrial Control Software (sole-PI-180,000 USD, NSFC, Early Career Award:2020): The project mainly focuses on using static analysis and dynamic analysis techniques to detect the vulnerabilities of typical protocols and OS kernels in industrial applications.
Trustworthy Embedded Software (sole-PI-2,870,000 USD, Huawei:2019): The project mainly focuses on using a formal computation model to specify the design requirements and generate the code automatically, and applying runtime verification to further ensure the correctness of the whole system, especially for the software systems on the autonomous car and wireless base station.
Fuzz Testing of Deep Learning System (sole-PI-65,000 USD, Webank:2019): The project mainly focuses on using differential testing to generate the adversary input for the deep learning network and also scan the backdoor of the deep learning systems, especially for the systems of voice and face recognition.
Validation of ICS Embedded Firmware (sole-PI-210,000 USD:2019): The project mainly focuses on using clone detection and fuzzing to detect the vulnerability of the cross-platform binaries, especially for the binary on the embedded devices of the power control system.
Dynamic Analysis of System Software-II (sole-PI-400,000 USD, Huawei:2018): The project mainly focuses on using a thread scheduling algorithm to detect the concurrency errors of the Java Bytecodes, especially for the data races, deadlock, and atomicity violation of applications running on JVM.
Security Analysis of Linux Kernel (sole-PI-80,000 USD, Alibaba:2018): The project mainly focuses on using patch analysis, relation learning, and guided syscall generation to detect the vulnerabilities of the Linux Kernel and RTOS kernel.
Test Generation for Verifying Control Software (sole-PI-92,000 USD, MHI:2018): The project mainly focuses on using search-based techniques to generate the test inputs for the Simulink Model to maximize the parameter combination coverage and the branch coverage, especially for the model for robot control.
Security Analysis of BlockChain System (sole-PI-90,000 USD, Webank:2018): The project mainly focuses on using static analysis and dynamic analysis to automatically generate the contracts and inputs for the vulnerability detection of the Ethereum virtual machine.
Professional Service
Editor Board :
ELSEVIER Journal of Systems Architecture: Embedded Software Design (Associate Editor, CCF-B), 2020-now
IEEE Transactions on Sustainable Computing (Associate Editor), 2021-now
TPC Member :
ACM Conference on Computer and Communications Security (CCS), 2024
IEEE/ACM Automated Software Engineering(ASE), 2024
ACM International Symposium on the Foundations of Software Engineering(FSE), 2024, 2025
ACM/IEEE International Conference on Software Engineering(ICSE),2021, 2024, 2025
ACM SIGSOFT International Symposium on Software Testing and Analysis(ISSTA), 2024,2025
USENIX Annual Technical Conference(ATC), 2023
ACM International Conference on Model-Driven Engineering Languages and Systems(MODELS), 2019, 2023
IEEE International Symposium on Software Reliability Engineering (ISSRE),2022, 2023,2024
IEEE Secure Development Conference(SecDev), 2022, 2023
ACM/IEEE Design Automation Conference(DAC), 2020, 2021, 2022
ACM/IEEE International Conference on Embedded Software(EMSOFT),2020, 2021, 2022, 2024
IEEE International Conference on Software Testing, Verification, and Validation(ICST), Industry Track, 2019, 2020,2021, 2022
ACM/IEEE Asia and South Pacific Design Automation Conference(ASP-DAC), 2021, 2022
IEEE/ACM International Conference on Automated Software Engineering(ASE). Tool Track, 2021
ACM International Symposium on the Foundations of Software Engineering(FSE), Industry Track, 2021
ACM International Conference on Cyber-Physical System(ICCPS), 2020
IEEE International Conference on Software Quality, Reliability, and Security(QRS), 2019, 2020, 2021,2022,2023,2024
IEEE Real-Time and Embedded Technology and Applications Symposium(RTAS), 2019
IEEE Asia-Pacific Software Engineering Conference(APSEC),2019,2020,2021,2022,2023
IEEE International Conference on Computers and Communications(ISCC), 2017, 2018.
Students
Postdocs :
Yixiao Yang (2020-2022): Now Assistant Professor, Captial Normal University
Jie Liang (2022-2024): Shuimu Scholar
Zhuo Su (2023-2025): Shuimu Scholar
Yanyang Zhao (2023-2025):
PhDs:
Yixiao Yang (2014-2020): Co-supervised with Prof. Jiaguang Sun: Now Assistant Professor, Captial Normal University
Chong Wang (2015-2020): Co-supervised with Prof. Jiaguang Sun: Now ByteDance
Heyuan Shi (2015-2020): Co-supervised with Prof. Jiaguang Sun: Now Associate Professor, Central South University
Jian Gao (2016-2021): Co-supervised with Prof. Jiaguang Sun: Now Five-star Ph.D. Plan, Huawei
Jianmin Guo (2017-2022): Co-supervised with Prof. Jiaguang Sun: Now Huawei
Jie Liang (2017-2022): Co-supervised with Prof.Jiaguang Sun: Now Postdoc, Tsinghua
Mingzhe Wang (2018-2023): Now Talented Boy Huawei
Zhuo Su (2018-2023): Co-supervised with Prof. Jiaguang Sun: Now Postdoc, Tsinghua
Fuchen Ma (2019-2024): Co-supervised with Prof. Jiaguang Sun:
Mingrui Zhang (2019-2024): Co-supervised with Prof. Jiaguang Sun:
Zhengxiong Luo (2019-2024):
Quan Zhang (2020-2025): Co-supervised with Prof. Jiaguang Sun:
Yuheng Shen (2020-2025):
Jianzhong Liu (2021-2025):
Chijin Zhou (2022-2025):
Jingzhou Fu (2022-2027):
Yuanliang Chen (2023-2026):
Guihuan Gao (2023-2028):
Yudong Liu (2023-2028): Co-supervised with Prof. Ming Gu:
Masters:
Tianchi Li (2015-2019): Co-supervised with Prof. Jiaguang Sun: Now ByteDance
Xin Yang (2016-2019): Co-supervised with Prof. Ming Gu: Now Nanjing Nanrui Group Company
Zhiqiang Yang (2016-2019): Co-supervised with Prof. Ming Gu: Now Oxford (Hainan) Blockchain Research Institute
Qian Ren (2016-2019): Co-supervised with Prof. Ming Gu: Now Oxford (Hainan) Blockchain Research Institute
Chengpeng Wang (2016-2019): Co-supervised with Prof. Jiaguang Sun: Now Ph.D. HKUST
Ying Fu (2017-2020): Co-supervised with Prof. Ming Gu: Now Ant Group
Yue Zhao (2017-2020): Co-supervised with Prof. Ming Gu: Now Huawei
Jingwen Chi (2017-2020): Co-supervised with Prof. Jiaguang Sun: Now Perfect World Co., Ltd
Yuanliang Chen (2017-2020): Co-supervised with Prof. Ming Gu: Ph.D. Oxford: Ph.D. Tsinghua
Chijin Zhou (2018-2021): Now Ph.D. Tsinghua
Meng Ren (2019-2022): Now Master Plan, Tencent
Feilong Zuo (2019-2022): Now Master Plan, Tencent
Yiwen Xu (2020-2023): Now, Alibaba
Zijing Yin (2020-2023): Now Ph.D. ETH
Hao Sun(2020-2023): Now Ph.D. ETH
Zhiyong Wu (2021-2024):
Junze Yu (2021-2024):
Zehong Yu (2021-2024):
Yiru Xu (2021-2024):
Yuanhang Zhou (2022-2025):
Feifan Wu (2022-2025):
Yiwei Hou (2022-2025):
Lihua Guo (2022-2025):
Wenqian Deng (2023-2026):
Qi Xu (2023-2026):