Software Security and Testing

I develop tools and techniques to detect and mitigate real-world security vulnerabilities through a combination of static analysis and dynamic testing.

Memory Safety

• Detecting memory errors via typestate analysis — FGS enables precise path-sensitive detection of use-after-free, double-free, and memory leak bugs in large C/C++ codebases with low false positive rates. [C6: FSE '24]
• Automated memory error repair — LTFix combines typestate-guided context retrieval with LLMs to automatically generate patches for memory management errors at the repository level. [C13: FSE '26]

Dynamic Testing

• ReDoS attack string generation — We proposed PUFFERDOS, an efficient method for generating attack strings that trigger Regular Expression Denial of Service vulnerabilities. [C14: S&P '26]
• Fuzz driver enhancement — We proposed MUTATO, which uses adaptive API option parameter mutation with an epsilon-greedy strategy to enhance fuzz drivers, discovering 12 previously unknown vulnerabilities (3 CVEs) including 4 bugs missed by OSS-Fuzz. [C12: NDSS '26]

Malware Detection

• Mitigating label noise — We proposed MalCleanse, which combines uncertainty estimation with unsupervised anomaly detection to identify emergent malware label noise, improving label accuracy by ~25 percentage points. [C8: FSE '25]
• Robust training under data imbalance — We proposed MalTutor, an uncertainty-guided curriculum learning framework that improves malware detection F1 by 139% on average across multiple detectors. [C7: ISSTA '25]

← Back to homepage