Yu Jiang, Ph.D.


Associate Professor

School of Software, Tsinghua University, China

Software System Security Assurance Group

Email: jy1989@mail.tsinghua.edu.cn

Address: 11-319, East-Main Building, Tsinghua

Group Website: www.wingtecher.com

Our work and tools have discovered 500+ bugs in widely used system software such as Safari, the Linux kernel, PostgreSQL, and MySQL, with more than 170 of them registered as CVEs in the US National Vulnerability Database. The full bug list and CVE list are available at http://www.wingtecher.com/bugs/cve.

Biography

I am an associate professor in the School of Software, Tsinghua University, Beijing, China. I received my B.S. degree in software engineering from the Beijing University of Posts and Telecommunications, China, in June 2010, and my Ph.D. degree in computer science from Tsinghua University in January 2015, under the supervision of Prof. Jiaguang Sun. From March 2015 to August 2016 I worked with Prof. Lui Sha as a postdoc at the University of Illinois at Urbana-Champaign, IL, USA. From September 2016 to November 2019 I was an assistant professor in the School of Software at Tsinghua University.

Research

Safety assured formal model-driven design of CPS

To address the heterogeneous nature of CPS, in particular the coexistence of asynchronous and synchronous behaviors, we propose a formal model-driven design method that covers the construction of heterogeneous CPS models and the corresponding code generation algorithms. The method lowers the difficulty of coding CPS software and improves the correctness of the design process. We have applied it to the design of vehicle bus controllers and of medical cyber-physical systems.

Security and reliability analysis of embedded software

To address the reliability and security issues of embedded software, we propose a dynamic Bayesian network-based reliability analysis model for the ladder programs used in programmable logic controllers, together with learning-based vulnerability search and fuzzing for the cross-platform embedded firmware of IoT devices. These methods lower the difficulty of embedded software analysis, improve the correctness of the reliability calculation, and increase the effectiveness of vulnerability detection.

Validation of integrated systems via cross-layer fuzzing

AI is becoming an integral part of future CPS such as self-driving cars and robots, and ensuring the security of these integrated systems has become a critical challenge. We propose a defect detection and verification method for the cross-layer software stack; our current fuzzing work supports deep learning models, C/C++ applications, the Ethereum virtual machine, communication protocols, and embedded operating system kernels. The approach significantly improves the efficiency of software bug detection and the generation of adversarial inputs for deep learning models.

Selected Awards

  • Best Paper Nominee, ACM SIGBED International Conference on Embedded Software (EMSOFT): 2022

  • SIGSOFT Distinguished Paper Award, ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE): 2022

  • WeBank Scholar, WeBank: 2021

  • Early Career Award, NSFC: 2020

  • DAMO Academy Young Fellow, Alibaba: 2020

  • Best Paper Nominee, ACM SIGBED International Conference on Embedded Software (EMSOFT): 2020

  • Best Paper Nominee, ACM SIGSOFT International Conference on Software Engineering - Software Engineering in Practice (ICSE-SEIP): 2020

  • Best Paper Nominee, ACM SIGBED International Conference on Embedded Software (EMSOFT): 2019

  • Young Elite Scientists Sponsorship Program, CAST (China Association for Science and Technology): 2018

  • Microsoft Young Rising Star Program, Microsoft Asia: 2017

  • Distinguished Dissertation Award, China Computer Federation (CCF): 2015

Selected Publications

  • Jingzhou Fu, Jie Liang, Zhiyong Wu, Mingzhe Wang and Yu Jiang*: "Griffin: Grammar-Free DBMS Fuzzing". ACM SIGSOFT International Conference on Automated Software Engineering (ASE), 2022.

  • Zijing Yin, Yiwen Xu, Chijin Zhou, Jianzhong Liu and Yu Jiang*: "Empirical Study of System Resources Abused by IoT Attackers". ACM SIGSOFT International Conference on Automated Software Engineering (ASE), 2022.

  • Feilong Zuo, Zhengxiong Luo, Junze Yu, Aiguo Cui, Ting Chen and Yu Jiang*: "Vulnerability Detection of ICS Protocols Via Cross-State Fuzzing". ACM SIGBED International Conference on Embedded Software (EMSOFT, Best Paper Candidate), 2022.

  • Yiwen Xu, Zijing Yin, Yiwei Hou, Jianzhong Liu and Yu Jiang*: "Midas: Safeguarding IoT Devices Against Malware via Real-Time Behavior Auditing". ACM SIGBED International Conference on Embedded Software (EMSOFT), 2022.

  • Yuheng Shen, Yiru Xu, Hao Sun, Jianzhong Liu, Heyuan Shi, Aiguo Cui and Yu Jiang*: "Tardis: Embedded Operating System Fuzz Testing with Coverage Guidance". ACM SIGBED International Conference on Embedded Software (EMSOFT), 2022.

  • Zehong Yu, Zhuo Su, Yixiao Yang, Jie Liang, Aiguo Cui, Yu Jiang*, Wanli Chang and Rui Wang: "Mercury: Instruction Pipeline Aware Code Generation for Simulink Models". ACM SIGBED International Conference on Embedded Software (EMSOFT), 2022.

  • Hao Sun, Yuheng Shen, Yiru Xu, Jianzhong Liu, Yu Jiang*: "KSG: Augmenting Kernel Fuzzing with System Call Specification Generation". USENIX Annual Technical Conference (ATC), 2022

  • Zhiyong Wu, Jie Liang, Mingzhe Wang, Chijin Zhou, Yu Jiang*: "Unicorn: Detect Runtime Error in Time-Series Databases With Hybrid Input Synthesis". ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), South Korea, 2022

  • Chijin Zhou, Quan Zhang, Mingzhe Wang, Lihua Guo, Jie Liang, Zhe Liu, Mathias Payer, Yu Jiang*: "Minerva: Browser API Fuzzing with Dynamic Mod-Ref Analysis". ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE, SIGSOFT Distinguished Paper Award), 2022.

  • Mingzhe Wang, Jie Liang, Chijin Zhou, Zhiyong Wu, Yu Jiang*: "ODIN: On-Demand Instrumentation with On-the-Fly Recompilation". ACM Programming Language Design and Implementation (PLDI), California, 2022.

  • Jie Liang, Mingzhe Wang, Chijin Zhou, Zhiyong Wu, Yu Jiang*, Jianzhong Liu, Zhe Liu, Jiaguang Sun: "PATA: Fuzzing with Path Aware Taint Analysis". IEEE Security and Privacy (S&P), 2022.

  • Zhuo Su, Zehong Yu, Dongyan Wang, Yixiao Yang, Yu Jiang*, Rui Wang, Wanli Chang and Jiaguang Sun: "HCG: Optimizing Embedded Code Generation of Simulink with SIMD Instruction Synthesis". ACM Design Automation Conference (DAC), San Francisco, CA, 2022.

  • Hao Sun, Yuheng Shen, Cong Wang, Jianzhong Liu, Yu Jiang*, Ting Chen, Aiguo Cui: "HEALER: Relation Learning Guided Kernel Fuzzing". ACM Symposium on Operating Systems Principles (SOSP), 2021

  • Mingzhe Wang, Jie Liang, Chijin Zhou, Yu Jiang*, Rui Wang, Chengnian Sun, Jiaguang Sun: "RIFF: Reduced Instruction Footprint for Coverage-Guided Fuzzing". USENIX Annual Technical Conference (ATC), Madrid, 2021.

  • Yuheng Shen, Hao Sun, Yixiao Yang, Yu Jiang*, Wanli Chang, Heyuan Shi: "Rtkaller: State-aware Task Generation for RTOS Fuzzing". ACM SIGBED International Conference on Embedded Software (EMSOFT), 2021.

  • Meng Ren, Zijing Yin, Fuchen Ma, Zhenyang Xu, Yu Jiang*, Chengnian Sun, Huizhong Li, Yan Cai: "Empirical Evaluation of Smart Contract Testing: What is the Best Choice?". ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Denmark, 2021.

  • Quan Zhang, Yifeng Ding, Yongqiang Tian, Jianmin Guo, Min Yuan, Yu Jiang*: "AdvDoor: Adversarial Backdoor Attack of Deep Learning System". ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Denmark, 2021.

  • Feilong Zuo, Zhengxiong Luo, Junze Yu, Yu Jiang*: "PAVFuzz: State-Sensitive Fuzz Testing of Protocols in Autonomous Vehicles". ACM Design Automation Conference (DAC), San Francisco, CA, 2021.

  • Dongning Ma, Jianmin Guo, Yu Jiang, Xun Jiao: "HDTest: Differential Fuzz Testing of Brain-Inspired Hyperdimensional Computing". ACM Design Automation Conference (DAC), San Francisco, CA, 2021.

  • Mingzhe Wang, Zhiyong Wu, Xinyi Xu, Jie Liang, Chijin Zhou, Huafeng Zhang, and Yu Jiang*: "Industry Practice of Coverage-Guided Enterprise-Level DBMS Fuzzing". ACM SIGSOFT International Conference on Software Engineering - Software Engineering in Practice (ICSE-SEIP), Madrid, 2021.

  • Mingrui Zhang, Jianzhong Liu, Fuchen Ma, Huafeng Zhang, and Yu Jiang*: "IntelliGen: Automatic Driver Synthesis for Fuzz Testing". ACM SIGSOFT International Conference on Software Engineering - Software Engineering in Practice (ICSE-SEIP), Madrid, 2021.

  • Jian Gao, Yiwen Xu, Yu Jiang*, Zhe Liu, Xun Jiao, Wanli Chang, and Jiaguang Sun: "EM-Fuzz: Augmented Firmware Fuzzing via Memory Checking". ACM SIGBED International Conference on Embedded Software (EMSOFT, Best Paper Candidate), China, 2020.

  • Chijin Zhou, Mingzhe Wang, Jie Liang, and Yu Jiang*: "Zeror: Speed Up Fuzzing with Coverage-sensitive Tracing and Scheduling". ACM SIGSOFT International Conference on Automated Software Engineering (ASE), Australia, 2020.

  • Zhengxiong Luo, Feilong Zuo, Yuheng Shen, Xun Jiao, Wanli Chang, and Yu Jiang*: "ICS Protocol Fuzzing: Coverage Guided Packet Crack and Generation". ACM Design Automation Conference (DAC), USA, 2020.

  • Xun Jiao, Dongning Ma, Wanli Chang, and Yu Jiang: "TEVoT: Timing Error Modeling of Functional Units under Dynamic Voltage and Temperature Variations". ACM Design Automation Conference (DAC), USA, 2020.

  • Cong Wang, Mingrui Zhang, Yu Jiang*, Huafeng Zhang, Zhenchang Xing, and Ming Gu: "Escape from Escape Analysis of Golang". ACM SIGSOFT International Conference on Software Engineering - Software Engineering in Practice (ICSE-SEIP, Best Paper Candidate), Korea, 2020.

  • Zhengxiong Luo, Feilong Zuo, Yu Jiang*, Jian Gao, Xun Jiao, and Jiaguang Sun: "Polar: Function Code Aware Fuzz Testing of ICS Protocol". ACM SIGBED International Conference on Embedded Software (EMSOFT, Best Paper Candidate), USA, 2019.

  • Yuanliang Chen, Yu Jiang*, Fuchen Ma, Jie Liang, Mingzhe Wang, Chijin Zhou, Xun Jiao, and Zhuo Su: "EnFuzz: Ensemble Fuzzing with Seed Synchronization among Diverse Fuzzers". USENIX Security Symposium (SEC), USA, 2019.

  • Andrew Y.-Z. Ou, Maryam Rahmaniheris, Yu Jiang*, Po-Liang Wu and Lui Sha: "Toward Safe Interoperation in Network Connected Medical CPS Using Open-Loop Safe Protocol". ACM/IEEE 36th International Conference on Computer-Aided Design (ICCAD), USA, 2017.

  • Yu Jiang, Mingzhe Wang, Han Liu, Mohammad Hosseini, and Jiaguang Sun: "Dependable Integrated Clinical System Architecture with Runtime Verification". ACM/IEEE 36th International Conference on Computer-Aided Design (ICCAD), USA, 2017.

  • Han Liu, Chengnian Sun, Zhendong Su, Yu Jiang*, Ming Gu, and Jiaguang Sun: "Stochastic Optimization of Program Obfuscation". ACM/IEEE 39th International Conference on Software Engineering (ICSE), Argentina, 2017.

  • Yu Jiang, Han Liu, Hui Kong, Rui Wang, Mohammad Hosseini, Jiaguang Sun and Lui Sha: "Use Runtime Verification to Improve the Quality of Medical Care Practice", ACM/IEEE 38th International Conference on Software Engineering (ICSE-SEIP): 112-122, USA, 2016.

  • Yu Jiang, Yixiao Yang, Han Liu, Hui Kong, Ming Gu, Jiaguang Sun, and Lui Sha: "From Stateflow Simulation to Verified Implementation: A Verification Approach and A Real-Time Train Controller Design". ACM/IEEE 22nd Real-Time Technology and Applications Symposium (RTAS): 231-241, Austria, 2016.

  • Fuchen Ma, Meng Ren, Lerong Ouyang, Yuanliang Chen, Juan Zhu, Ting Chen, Xiao Dai, Yu Jiang, Jiaguang Sun: "Pied-Piper: Revealing the Backdoor Threats in Ethereum ERC Token Contracts". ACM Transactions on Software Engineering and Methodology (TOSEM), 2022.

  • Zijing Yin, Yiwen Xu, Fuchen Ma, Haohao Gao, Lei Qiao, Yu Jiang*: "Scanner++: Enhanced Vulnerability Detection of Web Applications with Attack Intent Synchronization". ACM Transactions on Software Engineering and Methodology (TOSEM), 2022.

  • Zhuo Su, Dongyan Wang, Zehong Yu, Yixiao Yang, Yu Jiang*, Rui Wang, Wanli Chang, Wen Li, Aiguo Cui and Jiaguang Sun: "PHCG: Optimizing Simulink Code Generation for Embedded System with SIMD Instructions". IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD), 2022.

  • Fuchen Ma, Zhenyang Xu, Meng Ren, Zijing Yin, Yuanliang Chen, Lei Qiao, Bin Gu, Huizhong Li, Yu Jiang* and Jiaguang Sun: "Pluto: Exposing Vulnerabilities in Inter-Contract Scenarios". IEEE Transactions on Software Engineering (TSE), 2021.

  • Jianmin Guo, Quan Zhang, Yue Zhao, Heyuan Shi, Yu Jiang, and Jiaguang Sun: "RNN-Test: Towards Adversarial Testing for Recurrent Neural Network Systems". IEEE Transactions on Software Engineering (TSE), 2021.

  • Zhuo Su, Dongyan Wang, Yixiao Yang, Yu Jiang*, Wanli Chang, Liming Fang, Wen Li, and Jiaguang Sun: "Code Synthesis for Dataflow Based Embedded Software Design". IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD), 2021.

  • Zhuo Su, Dongyan Wang, Yixiao Yang, Zhehong Yu, Wanli Chang, Wen Li, Aiguo Cui, Yu Jiang*, and Jiaguang Sun: "MDD: A Unified Model-Driven Design Framework for Embedded Control Software". IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD), 2021.

  • Jie Liang, Yu Jiang*, Mingzhe Wang, Xun Jiao, Yuanliang Chen, Houbing Song, Kim-Kwang Raymond Choo: "DeepFuzzer: Accelerated Deep Greybox Fuzzing". IEEE Transactions on Dependable and Secure Computing (TDSC), 2019.

  • Jian Gao, Xin Yang, Yu Jiang* and Jiaguang Sun: "Semantic Learning-Based Cross-Platform Binary Vulnerability Search For IoT Devices". IEEE Transactions on Industrial Informatics (TII), 2019.

  • Yu Jiang, Houbing Song, Rui Wang, Ming Gu, Jiaguang Sun, and Lui Sha: "Data-centered Runtime Verification of Wireless Medical Cyber-physical System". IEEE Transactions on Industrial Informatics (TII), 2016.

  • Yu Jiang, Hehua Zhang, Huafeng Zhang, Han Liu, and Jiaguang Sun: "Design of Mixed Synchronous/Asynchronous Systems with Multiple Clocks". IEEE Transactions on Parallel and Distributed Systems (TPDS), 2015.

  • Yu Jiang, Hehua Zhang, Zonghui Li, Ming Gu, and Jiaguang Sun: "Design and Optimization of Multi-clocked Embedded Systems using Formal Techniques". IEEE Transactions on Industrial Electronics (TIE), 2015.

  • Yu Jiang, Hehua Zhang, Xiaoyu Song, Xun Jiao, William N. N. Hung, and Jiaguang Sun: "Bayesian Network-Based Reliability Analysis of PLC Systems". IEEE Transactions on Industrial Electronics (TIE), 2013.

Selected Projects

  • Security Testing of Intelligent Manufacturing Software Stack (sole PI, 125,000 USD, NSFC): The project focuses on using fuzzing techniques to detect bugs and vulnerabilities in the intelligent manufacturing software stack, including the platform, protocol, and firmware.

  • Kernel Fuzzing (sole PI, 300,000 USD, UnionTech): The project focuses on using relation learning and task synthesis to guide syscall sequence generation and detect logic or implementation vulnerabilities in the Linux kernel.

  • Consensus Protocol Fuzzing (sole PI, 150,000 USD, WeBank): The project focuses on using predefined message mutation and on-chain status-aware packet generation to detect logic or implementation vulnerabilities in the consensus protocols of blockchain platforms.

  • Fuzzing Parallelizing and Ensembling (sole PI, 300,000 USD): The project focuses on using seed synchronization to achieve collaborative fuzzing across multiple fuzzers and on using task division to improve the effectiveness of parallel-mode fuzzing.

  • Automatic Driver Synthesis for Fuzzing (sole PI, 120,000 USD, Huawei): The project focuses on fuzz driver synthesis with pointer analysis and type inference, to relieve the intensive manual labor of writing drivers before fuzzing can start.

  • Coverage Guided Testing of Database System (sole PI, 77,000 USD, Alibaba): The project focuses on using dynamic analysis techniques to detect performance and security issues in database management systems.

  • Quality Assurance of Industrial Control Software (sole PI, 180,000 USD, NSFC, Early Career Award): The project focuses on using static and dynamic analysis techniques to detect vulnerabilities in the typical protocols and OS kernels of industrial applications.

  • Trustworthy Embedded Software (sole PI, 2,870,000 USD, Huawei): The project focuses on using a formal computation model to specify design requirements and generate code automatically, and on applying runtime verification to further ensure the correctness of the whole system, especially for the software systems of autonomous cars and wireless base stations.

  • Fuzz Testing of Deep Learning System (sole PI, 65,000 USD, WeBank): The project focuses on using differential testing to generate adversarial inputs for deep learning networks and to scan for backdoors in deep learning systems, especially voice and face recognition systems.

  • Validation of ICS Embedded Firmware (sole PI, 210,000 USD): The project focuses on using clone detection and fuzzing to detect vulnerabilities in cross-platform binaries, especially binaries on the embedded devices of power control systems.

  • Dynamic Analysis of System Software-II (sole PI, 400,000 USD, Huawei): The project focuses on using a thread scheduling algorithm to detect concurrency errors in Java bytecode, especially data races, deadlocks, and atomicity violations in applications running on the JVM.

  • Security Analysis of Linux Kernel (sole PI, 80,000 USD, Alibaba): The project focuses on using patch analysis, relation learning, and guided syscall generation to detect vulnerabilities in the Linux kernel and RTOS kernels.

  • Test Generation for Verifying Control Software (sole PI, 92,000 USD, MHI): The project focuses on using search-based techniques to generate test inputs for Simulink models that maximize parameter combination coverage and branch coverage, especially for robot control models.

  • Security Analysis of Blockchain System (sole PI, 90,000 USD, WeBank): The project focuses on using static and dynamic analysis to automatically generate contracts and inputs for vulnerability detection in the Ethereum virtual machine.

Professional Service

Editorial Board:

  • ELSEVIER Journal of Systems Architecture: Embedded Software Design (Associate Editor, CCF-B), 2020-now

  • IEEE Transactions on Sustainable Computing (Associate Editor), 2021-now

TPC Member:

  • USENIX Annual Technical Conference (ATC), 2023

  • ACM/IEEE International Conference on Software Engineering (ICSE), 2021, 2024

  • ACM/IEEE Design Automation Conference (DAC), 2020, 2021, 2022

  • ACM/IEEE International Conference on Embedded Software (EMSOFT), 2020, 2021, 2022

  • IEEE International Conference on Software Testing, Verification, and Validation (ICST), Industry Track, 2019, 2020, 2021, 2022

  • IEEE International Symposium on Software Reliability Engineering (ISSRE), 2022

  • ACM/IEEE Asia and South Pacific Design Automation Conference (ASP-DAC), 2021, 2022

  • IEEE/ACM International Conference on Automated Software Engineering (ASE), Tool Track, 2021

  • ACM International Symposium on the Foundations of Software Engineering (FSE), Industry Track, 2021

  • ACM International Conference on Cyber-Physical Systems (ICCPS), 2020

  • IEEE International Conference on Software Quality, Reliability, and Security (QRS), 2019, 2020, 2021

  • ACM International Conference on Model-Driven Engineering Languages and Systems (MODELS), 2019

  • IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), 2019

  • IEEE Asia-Pacific Software Engineering Conference (APSEC), 2019, 2020, 2021

  • IEEE International Conference on Computers and Communications (ISCC), 2017, 2018

Reviewer:

  • IEEE Transactions on Software Engineering

  • IEEE Transactions on Parallel and Distributed Systems

  • ACM Transactions on Cyber-Physical Systems

  • IEEE Transactions on Industrial Informatics, etc.