I have been serving as a Software Engineer at Alibaba Cloud Computing Company since July 2023. I received my Master's degree from Tsinghua University, where I was supervised by Prof. Yu Jiang as a member of the Software System Security Assurance Group.
Email: xuyiwen14@gmail.com
Personal Tech Blog: spidermana.github.io
Research Interests:
IoT Security & Malware Mitigation
Fuzzing
LLM-powered Applications and LLMOps
Please feel free to contact me if you have any questions.
Self Introduction
In my previous studies, I mainly focused on the security issues that IoT malware causes for constrained IoT devices. Based on observations of the characteristics of IoT malware attacks, we designed Midas, a lightweight on-device safeguard framework. Based on a real-time behavior auditing mechanism, Midas effectively decreases devices' compromise incidents by 343.1× and extends the continuous operation time by 179.2×, even under severe IoT attacks (971,951 in total) from the Internet. This work was published at EMSOFT'22.
We also systematically analyzed the abused resources and malicious intentions behind the audited IoT attackers' behaviors with the help of our devised IoT honeypot, HoneyAsclepius. The results give us useful insights for IoT device protection. The empirical study was accepted by ASE'22.
Additionally, fuzzing as an automatic vulnerability discovery technique interests me a lot. I have read the source code of AFL and understand the principles of AddressSanitizer and Dr. Memory. Motivated by these fantastic works, I made some efforts with partners to implement EM-Fuzz, a firmware binary fuzzer with an emphasis on memory error detection, which exposed 23 vulnerabilities. This work was accepted by EMSOFT'20 and nominated as a Best Paper Candidate.
Moreover, I am passionate about reverse engineering and vulnerability analysis in huge systems, like OS kernels. During my recent internship, I reimplemented the PoC of an N-day data race in the PTY subsystem of Linux kernel 4.19.
News
Feb 26, 2024 Our research on protecting deserialization procedures of Java applications is accepted🎉 by NDSS'24.
Oct 16, 2023 Our significant work🌟 on sandboxing programs with dynamic syscall policies is accepted by OOPSLA'23.
Jul 21, 2022 Our empirical study📖 about system resources abused by IoT attackers is accepted by ASE'22.
Jul 6, 2022 Midas, a lightweight on-device safeguard🛡️ framework for IoT, is published by EMSOFT'22.
Feb 3, 2022 Scanner++, a proxy-based ensemble web scanner🗡️, is accepted by TOSEM'21.
Jul 7, 2020 EM-Fuzz, a firmware fuzzer with memory checking🐛, is accepted by EMSOFT'20 (Best Paper Candidate).
Publications
NDSS’24
Quan Zhang, Yiwen Xu, Zijing Yin, Chijin Zhou, and Yu Jiang
In the Network and Distributed System Security Symposium (NDSS), 2024
OOPSLA’23
Quan Zhang, Chijin Zhou, Yiwen Xu, Zijing Yin, Mingzhe Wang, Zhuo Su, Chengnian Sun, Yu Jiang, and Jiaguang Sun
In the ACM SIGPLAN International Conference on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA), 2023
ASE’22
Zijing Yin*, Yiwen Xu* (Co-First), Chijin Zhou, Yu Jiang.
In the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2022.
EMSOFT’22
Yiwen Xu*, Zijing Yin* (Co-First), Yiwei Hou, Yu Jiang.
In the ACM SIGBED International Conference on Embedded Software (EMSOFT), 2022
TOSEM’21
Zijing Yin, Yiwen Xu, Fuchen Ma, Haohao Gao, Lei Qiao, Yu Jiang.
In the ACM Transactions on Software Engineering and Methodology (TOSEM), 2021.
EMSOFT’20 (Best Paper Nominee)
Jian Gao, Yiwen Xu, Yu Jiang, Zhe Liu, Wanli Chang, Xun Jiao, Jiaguang Sun.
In the ACM SIGBED International Conference on Embedded Software (EMSOFT), 2020.
Hobbies
Outdoor hiking enthusiast
PADI certified scuba diver
Amateur skier
Casual guitar performer
Beginner piano player