About


The Systems and Software Security (S3) Lab at The University of Texas at Dallas focuses on building new systems and automated techniques to secure our computer systems including OS kernels and the running software. We cover a wide spectrum of technology including those from hardware, architecture, virtualization, operating system, and compilers. Our emphasis is the underlying program (including source code and binary code) analysis techniques as computer systems essentially run programs, and our particularly interested applications include the protection of hypervisor and operating system kernel, the inference of binary code for vulnerability discovery and malicious behavior analysis as well as the binary code rewriting and reuse, the investigation of the cyber attacks such as intrusion detection and digital forensics, and the digital data recovery.

Current Interests


People


Faculty

PhD Students

Master Students

Undergraduate Students

Alumni

Note

Publications


Conferences/Journals Paper Details
2014
ACSAC "MACE: High-Coverage and Robust Memory Analysis For Commodity Operating Systems". Qian Feng, Aravind Prakash, Heng Yin, and Zhiqiang Lin. In Proceedings of the 30th Annual Computer Security Applications Conference, New Orleans, Louisiana, December 2014. (19%) [PDF][Bibtex]
ESORICS "SigPath: A Memory Graph Based Approach for Program Data Introspection and Modification". David Urbina, Yufei Gu, Juan Caballero, and Zhiqiang Lin. To appear in Proceedings of the 19th European Symposium on Research in Computer Security, Wroclaw, Poland, September, 2014 (58/234 = 24.8%). [PDF][Slides][Bibtex]
RAID "GoldenEye: Efficiently and Effectively Unveiling Malware's Targeted Environment". Zhaoyan Xu, Jialong Zhang, Guofei Gu, and Zhiqiang Lin. To appear in in Proceedings of the 17th International Symposium on Research in Attacks, Intrusions and Defenses, Gothenburg, Sweden. September 2014 (22/113 = 19.5%). [PDF][Slides][Bibtex]
USENIX-SEC "Preventing Cryptographic Key Leakage in Cloud Virtual Machines". Erman Pattuk, Murat Kantarcioglu, Zhiqiang Lin, and Huseyin Ulusoy. To appear in Proceedings of the 2014 USENIX Security Symposium, San Diego, CA, August 2014 (67/350 = 19%). [PDF][Slides][Bibtex]
USENIX-SEC "X-Force: Force-Executing Binary Programs for Security Applications". Fei Peng, Zhui Deng, Xiangyu Zhang, Dongyan Xu, Zhiqiang Lin, and Zhendong Su. To appear in Proceedings of the 2014 USENIX Security Symposium, San Diego, CA, August 2014 (67/350 = 19%). [PDF][Slides][Bibtex]
TCC "Multi-Aspect, Robust, and Memory Exclusive Guest OS Fingerprinting". Yufei Gu, Yangchun Fu, Aravind Prakash, Zhiqiang Lin, and Heng Yin. IEEE Transactions on Cloud Computing. July 2014. [PDF][Bibtex]
USENIX-ATC "HyperShell: A Practical Hypervisor Layer Guest OS Shell for Automated In-VM Management". Yangchun Fu, Junyuan Zeng, and Zhiqiang Lin. In Proceedings of the 2014 USENIX Annual Technical Conference, Philadephia, PA, June 2014 (36/205 = 14.9%). [PDF][Slides][Bibtex]
DATE "Programmable Decoder and Shadow Threads: Tolerate Remote Code Injection Exploits with Diversified Redundancy". Ziyi Liu, Weidong Shi, Shouhuai Xu, and Zhiqiang Lin. In Proceedings of the 2014 Design, Automation and Test in Europe, Dresden, Germany, March 2014 (206/1090 = 23.1%). [PDF][Slides][Bibtex]
NDSS "Hybrid-Bridge: Efficiently Bridging the Semantic-Gap in Virtual Machine Introspection via Decoupled Execution and Training Memoization". Alireza Saberi, Yangchun Fu, and Zhiqiang Lin. In Proceedings of the 21st ISOC Network and Distributed System Security Symposium, San Diego, CA, February 2014 (55/295 = 18.6%). [PDF][Slides][Bibtex]
NDSS "SMV-Hunter: Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps". David Sounthiraraj, Justin Sahs, Garrett Greenwood, Zhiqiang Lin, and Latifur Khan. In Proceedings of the 21st ISOC Network and Distributed System Security Symposium, San Diego, CA, February 2014 (55/295 = 18.6%). [PDF][Slides][Bibtex]
TIFS "Data-Centric OS Kernel Malware Characterization". Junghwan Rhee, Ryan Riley, Zhiqiang Lin, Xuxian Jiang, Dongyan Xu. IEEE Transactions on Information Forensics and Security, Volume 9 Issue 1, January 2014. [PDF][Bibtex]
2013
ACSAC "Subverting System Authentication with Context-Aware, Reactive Virtual Machine Introspection". Yangchun Fu, Zhiqiang Lin, and Kevin Hamlen. In Proceedings of the 29th Annual Computer Security Applications Conference, New Orleans, Louisiana, December 2013. (19%) [PDF][Slides][Bibtex]
VMTJ "Toward Guest OS Writable Virtual Machine Introspection". Zhiqiang Lin. VMware Technical Journal, 2(2), December 2013. [PDF][HTML][Bibtex]
CCS "Obfuscation-resilient Binary Code Reuse through Trace-oriented Programming". Junyuan Zeng, Yangchun Fu, Kenneth Miller, Zhiqiang Lin, Xiangyu Zhang, and Dongyan Xu. In Proceedings of the 20th ACM Conference on Computer and Communications Security, Berlin, Germany, November 2013. (105/530=19.8%) [PDF][Slides][Bibtex]
TISSEC "Bridging the Semantic Gap in Virtual Machine Introspection via Online Kernel Data Redirection". Yangchun Fu, and Zhiqiang Lin. In ACM Transactions on Information and System Security (TISSEC), Volume 16 Issue 2, September 2013. [PDF][Bibtex]
ISCA "CPU Transparent Protection of OS Kernel and Hypervisor Integrity with Programmable DRAM". Ziyi Liu, Jonghyuk Lee, Junyuan Zeng, Yuanfeng Wen, Zhiqiang Lin, and Weidong Shi. In Proceedings of the 40th International Symposium on Computer Architecture, Tel-Aviv, Israel. June 2013. (56/282=19.9%) [PDF]][Bibtex]
ICDCS "AUTOVAC: Towards Automatically Extracting System Resource Constraints and Generating Vaccines for Malware Immunization". Zhaoyan Xu, Jialong Zhang, Guofei Gu, and Zhiqiang Lin. In Proceedings of the 33rd International Conference on Distributed Computing Systems, Philadelphia, USA. July 2013. (61/464=13%) [PDF][Bibtex]
DSN "Manipulating Semantic Values in Kernel Data Structures: Attack Assessments and Implications". Aravind Prakash, Eknath Venkataramani, Heng Yin, and Zhiqiang Lin. In Proceedings of the 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN-PDS), Budapest, Hungary, June 2013 [PDF][Bibtex]
VEE "Exterior: Using a Dual-VM Based External Shell for Guest-OS Introspection, Configuration, and Recovery". Yangchun Fu, and Zhiqiang Lin. In Proceedings of the 9th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, Houston, TX, March 2013 [PDF][Slides][Bibtex]
2012
ACSAC "Securing Untrusted Code via Compiler-Agnostic Binary Rewriting". Richard Wartel, Vishwath Mohan, Kevin Hamlen, and Zhiqiang Lin. In Proceedings of the 28th Annual Computer Security Applications Conference, Orlando, FL, December 2012. (44/231=19%) [PDF][Slides][Bibtex] (Outstanding Student Paper Award)
SOCC "OS-Sommelier: Memory-Only Operating System Fingerprinting in the Cloud". Yufei Gu, Yangchun Fu, Aravind Prakash, Zhiqiang Lin, and Heng Yin. In Proceedings of the 3rd ACM Symposium on Cloud Computing, San Jose, CA, October 2012. ((21+4)/165=15.3%) [PDF][Slides][Bibtex]
CCS "Binary Stirring: Self-randomizing Instruction Addresses of Legacy x86 Binary Code". Richard Wartel, Vishwath Mohan, Kevin Hamlen, and Zhiqiang Lin. In Proceedings of the 19th ACM Conference on Computer and Communications Security, Raleigh, NC, October 2012. (80/423=18.9%) [PDF][Slides][Bibtex] (This paper wins the 2nd place in the NYU-Poly AT&T Best Applied Security Paper of the Year 2012)
DFRWS "Bin-Carver: Automatic Recovery of Binary Executable Files". Scott Hand, Zhiqiang Lin, Guofei Gu, and Bhavani Thuraisingham. In Proceedings of the 12th Annual Digital Forensics Research Conference, Washington DC, August 2012 (14/47=29.8%). [PDF][Slides][Bibtex]
S&P "Space Traveling across VM: Automatically Bridging the Semantic Gap in Virtual Machine Introspection via Online Kernel Data Redirection". Yangchun Fu, and Zhiqiang Lin. In Proceedings of the 33rd IEEE Symposium on Security and Privacy, San Fransisco, CA, May 2012 (40/307=13%). [PDF][Slides][Slides-Handout][Demo][Bibtex]
NDSS "DIMSUM: Discovering Semantic Data of Interest from Un-mappable Memory with Confidence". Zhiqiang Lin, Junghwan Rhee, Chao Wu, Xiangyu Zhang, and Dongyan Xu. In Proceedings of the 19th ISOC Network and Distributed System Security Symposium, San Diego, CA, February 2012 (46/258 = 17.8%). [PDF][Slides][Bibtex]
2011 and Before
AsiaCCS "Characterizing Kernel Malware Behavior with Kernel Data Access Patterns". Junghwan Rhee, Zhiqiang Lin, and Dongyan Xu. In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, Hong Kong, March 2011 (35/217 = 16.1%).[PDF] [Bibtex]
NDSS "SigGraph: Brute Force Scanning of Kernel Data Structure Instances Using Graph-based Signatures". Zhiqiang Lin, Junghwan Rhee, Xiangyu Zhang, Dongyan Xu, and Xuxian Jiang. In Proceedings of the 18th Network and Distributed System Security Symposium, San Diego, CA, February 2011 (28/139 = 20.1%). [Abstract][PDF][Bibtex][Demo][Slides]
ISSTA "Strict Control Dependence and its Effect on Dynamic Information Flow Analyses". Tao Bao, Yunhui Zheng, Zhiqiang Lin, Xiangyu Zhang and Dongyan Xu. In Proceedings of the 2010 International Symposium on Software Testing and Analysis,Trento, Italy. July 2010 (24/105 = 23%). [Bibtex][PDF]
DSN "Reuse-Oriented Camouflaging Trojan: Vulnerability Detection and Attack Construction". Zhiqiang Lin, Xiangyu Zhang, and Dongyan Xu. In Proceedings of the 40th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN-DCCS), Chicago, IL, June 2010 (39/168=23.2%). [Abstract][PDF][Bibtex][Slides]
NDSS "Automatic Reverse Engineering of Data Structures from Binary Execution. Zhiqiang Lin, Xiangyu Zhang, and Dongyan Xu. In Proceedings of the 17th Network and Distributed System Security Symposium, San Diego, CA, February 2010 (24/156=15.4%). [Abstract][PDF][Bibtex][Slides][Demo] (Note that this paper wins the 1st place in the Poster Competition of 2010 CERIAS Annual Information Security Symposium)
TSE "Reverse Engineering Input Syntactic Structure from Program Execution and Its Applications". Zhiqiang Lin, Xiangyu Zhang, and Dongyan Xu. IEEE Transactions on Software Engineering. 36(5), 2010. [PDF][Bibtex]
DIMVA "Polymorphing Software by Randomizing Data Structure Layout". Zhiqiang Lin, Ryan Riley, and Dongyan Xu. In Proceedings of the 6th SIG SIDAR Conference on Detection of Intrusions and Malware and Vulnerability Assessment. Milan, Italy, July 2009 ((10+3)/44=29.5%). [Abstract][PDF][Bibtex][Code]
NDSS "IntScope: Automatically Detecting Integer Overflow Vulnerability In X86 Binary Using Symbolic Execution". Tielei Wang, Tao Wei, Zhiqiang Lin, and Wei Zou. In Proceedings of the 16th Network and Distributed System Security Symposium, San Diego, CA, February 2009 (20/171=11.7%). [Abstract][PDF][Bibtex]
FSE "Deriving Input Syntactic Structure From Execution". Zhiqiang Lin, and Xiangyu Zhang. In Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of Software Engineering. Atlanta, Georgia, USA, November 2008 (31/152=20.5%). [Abstract][PDF][Bibtex][Slides]
DSN "Convicting Exploitable Software Vulnerabilities: An Efficient Input Provenance Based Approach". Zhiqiang Lin, Xiangyu Zhang, and Dongyan Xu. In Proceedings of the 38th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN-DCCS), Anchorage, Alaska, USA, June 2008 (34/149=23%). [Abstract][PDF][Bibtex][Slides]
NDSS "Automatic Protocol Format Reverse Engineering Through Context-Aware Monitored Execution". Zhiqiang Lin, Xuxian Jiang, Dongyan Xu, and Xiangyu Zhang. In Proceedings of the 15th Network and Distributed System Security Symposium,San Diego, CA, February 2008 (21/118=17.8%) [Abstract][PDF][Bibtex][Slides]
AsiaCCS "AutoPaG: Towards Automated Software Patch Generation with Source Code Root Cause Identification and Repair". Zhiqiang Lin, Xuxian Jiang, Dongyan Xu, Bing Mao, and Li Xie. In Proceedings of ACM Symposium on InformAtion, Computer and Communications Security, Singapore, March 2007 (Acceptance ratio: 33/188=17.6%). [PDF][Bibtex][Slides]
ISC "Transparent Run-Time Prevention of Format-String Attacks via Dynamic Taint and Flexible Validation". Zhiqiang Lin, Nai Xia, Guole Li, Bing Mao, and Li Xie. In Proceedings of the 9th Information Security Conference. Greece. Sept, 2006 (Acceptance ratio: 38/188=20.2%). [PDF][Bibtex][Code]
ARES "A Practical Framework for Dynamically Immunizing Software Security Vulnerabilities". Zhiqiang Lin, Bing Mao, and Li Xie. In Proceedings of the First International Conference on Availability, Reliability and Security. Austria. April, 2006. [PDF][Bibtex]
IAW "LibsafeXP: A Practical and Transparent Tool for Run-time Buffer Overflow Preventions". Zhiqiang Lin, Bing Mao, and Li Xie. In Proceedings of the 7th Annual IEEE Information Assurance Workshop. West Point, NY. USA. June, 2006. [PDF][Bibtex][Slides][Code]

HOME SOURCE