I am an associate professor in the school of Cyber Science and Engineering at Huazhong University of Science and Technology(HUST). I earned my Ph.D. in Computer Science from Nanjing University, and fortunately was supervised by Bing Mao. During my Ph.D. career, I collabrated and studied a lot from Xinyu Xing at Penn State University. My recent projects are focused on Linux Kernel Security and my work is usually published in conferences such as Usenix Security/CCS/NDSS/Oakland, and ASE. And I am a recipient of the ACM CCS Outstanding Paper Award (2018). I received 2022 Wuhan Talent Program and 2023 Google Open Source Peer Bonus Award due to the contribution to Linux kernel and Syzkaller.

[Prospective Students] I am looking for multiple Ph.D. students and undergraduate/graduate research interns who share my academic interests and have a solid background in System/Software Security. If you are interested, please send me emails about your information.

Research interest

My current research focuses on Software and System Security. More specifically, my research interests span the areas of Vulnerability Fuzzing, Vulnerability Analysis (including Crash Deduplication, Crash Diagnosis, Vulnerability Reproduction) and Vulnerability Assessment. I am interested in the OS kernel security and the security of Internet of Vehicles (IoV).

Education

  • Ph.D. (2014.09 - 2019.12), Computer Science and Technology, Nanjing University
  • B.E. (2010.09 - 2014.06), Computer Science and Technology, Zhengzhou University

Experience

  • Associate Professor, Huazhong University of Science and Technology (2020/08 - Now)

  • Research Fellow, Pennsylvania State University (2020/01 - 2020/07)
  • Organizer of 2018 Penn State Cybersecurity Competition, Pennsylvania State University
  • Research Assistant in Software and System Security, Pennsylvania State University (2016 - 2020)
  • Graduate Research and Teaching Assistant, Nanjing University (2014 - 2019)

Honors & Awards

  • Google Open Source Peer Award, 2023
  • Wuhan Talent Program, 2022
  • Student Travel Grant of 14th ACM ASIACCS, 2019
  • Artificial Intelligence Scholarship at Nanjing University, 2018
  • ACM CCS Outstanding Paper Award (Top 1), 2018
  • Student Travel Grant of 38th IEEE Symposium on Security and Privacy, 2017

Publications

* means equal contribution

Conference Papers

  • [USENIX Security 25] PatchAgent: A Practical Program Repair Agent Mimicking Human Expertise [Paper]
    Zheng Yu, Ziyi Guo, Yuhang Wu, Jiahao Yu, Meng Xu, Dongliang Mu, Yan Chen, Xinyu Xing Proceedings of the 34nd USENIX Security Symposium

  • [USENIX Security 23] Mitigating Security Risks in Linux with KLAUS : A Method for Evaluating Patch Correctness [Paper]
    Yuhang Wu, Zhenpeng Lin, Yueqi Chen, Dang Le, Dongliang Mu, Xinyu Xing, Proceedings of the 32nd USENIX Security Symposium

  • [NDSS 22] An In-depth Analysis of Duplicated Linux Kernel Bug Reports [Paper]
    Dongliang Mu, Yuhang Wu, Yueqi Chen, Zhenpeng Lin, Chensheng Yu, Xinyu Xing, Gang Wang
    Proceedings of the Network and Distributed System Security Symposium

  • [Oakland SP 22] GREBE: Unveiling Exploitation Potential for Linux Kernel Bugs [Paper]
    Zhenpeng Lin, Yueqi Chen, Dongliang Mu, Chensheng Yu, Yuhang Wu, Kang Li, Xinyu Xing
    Proceedings of the 43rd IEEE Symposium on Security and Privacy (CSAW 22 Finalist)

  • [TrustComm 21] RoBin: Facilitating the Reproduction of Configuration-Related Vulnerability [Paper]
    Ligeng Chen, Jian Guo, Zhongling He, Dongliang Mu, and Bing Mao
    Proceedings of the 20th IEEE International Conference on Trust, Security and Privacy in Computing and Communications

  • [USENIX Security 19] DEEPVSA: Facilitating Value-set Analysis with Deep Learning for Postmortem Program Analysis [Paper]
    Wenbo Guo*, Dongliang Mu*, Xinyu Xing, Min Du, Dawn Song
    Proceedings of the 28th USENIX Security Symposium

  • [AsiaCCS 19] Ptrix: Efficient Hardware-Assisted Fuzzing for COTS Binary [Paper]
    Yaohui Chen*, Dongliang Mu*, Jun Xu, Zhichuang Sun, Wenbo Shen, Xinyu Xing, Long Lu, Bing Mao
    Proceedings of the 14th ACM ASIA Conference on Computer and Communications Security

  • [ASE 19] RENN: Efficient Reverse Execution with Neural-Network-assisted Alias Analysis [Paper]
    Dongliang Mu*, Wenbo Guo*, Alejandro Cuevas, Yueqi Chen, Jinxuan Gai, Xinyu Xing, Bing Mao, Chengyu Song
    Proceedings of the 34th IEEE/ACM International Conference on Automated Software Engineering

  • [PRICAI 19] Building Adversarial Defense with Non-invertible Data Transformations [Paper]
    Wenbo Guo, Dongliang Mu, Ligeng Chen, Jinxuan Gai
    Proceedings of the 16th Pacific Rim International Conference on Artificial Intelligence

  • [USENIX Security 18] Understanding the Reproducibility of Crowd-reported Security Vulnerabilities [Paper]
    Dongliang Mu, Alejandro Cuevas, Limin Yang, Hang Hu, Xinyu Xing, Bing Mao, Gang Wang
    Proceedings of the 27th USENIX Security Symposium

  • [ACM CCS 18] LEMNA: Explaining Deep Learning based Security Applications [Paper]
    Wenbo Guo, Dongliang Mu, Jun Xu, Purui Su, Gang Wang, Xinyu Xing
    Proceedings of The 25th ACM Conference on Computer and Communications Security Outstanding paper award

  • [USENIX Security 17] POMP: Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts [Paper]
    Jun Xu, Dongliang Mu, Xinyu Xing, Peng Liu, Ping Chen, Bing Mao
    Proceedings of the 26th USENIX Security Symposium

  • [SecureCOMM 17] ROPOB: Obfuscating Binary Code via ReturnOriented Programming [Paper]
    Dongliang Mu, Jia Guo, Wenbiao Ding, Zhilong Wang, Bing Mao, Lei Shi
    International Conference on Security and Privacy in Communication Systems

  • [SecureCOMM 17] DiffGuard: Obscuring Sensitive Information in Canary Based Protections [Paper]
    Jun Zhu, Weiping Zhou, Zhilong Wang, Dongliang Mu, Bing Mao
    International Conference on Security and Privacy in Communication Systems

  • [ACM CCS 16] CREDAL: Towards Locating a Memory Corruption Vulnerability with Your Core Dump [Paper]
    Jun Xu, Dongliang Mu, Ping Chen, Xinyu Xing, Pei Wang, Peng Liu
    Proceedings of the 23nd ACM Conference on Computer and Communications Security

Journal Papers

  • [ToSEM 23] Characterizing and Detecting WebAssembly Runtime Bugs [Paper]
    Yixuan Zhang, Shangtong Cao, Haoyu Wang, Zhenpeng Chen, Xiapu Luo, Dongliang Mu, Yun Ma, Gang Huang, Xuanzhe Liu
    ACM Transactions on Software Engineering and Methodology

  • [TDSC 23] Towards Unveiling Exploitation Potential with Multiple Error Behaviors for Kernel Bugs [Paper]
    Ziqin Liu, Zhenpeng Lin, Yueqi Chen, Yuhang Wu, Yalong Zou, Dongliang Mu, and Xinyu Xing
    IEEE Transactions on Dependable and Secure Computing

  • [TSE 19] POMP++: Facilitating Postmortem Program Diagnosis with Value-set Analysis [Paper]
    Dongliang Mu, Yunlan Du, Jianhao Xu, Jun Xu, Xinyu Xing, Bing Mao, Peng Liu
    IEEE Transactions on Software Engineering

Talks

CVEs discovered by me

CVE ID Vulnerability Type Vulnerable Software
CVE-2018-8816 Stack Exhaustion perl-5.26.1
CVE-2018-8881 Heap buffer overflow nasm-2.13.02rc2
CVE-2018-8882 Stack buffer overflow nasm-2.13.02rc2
CVE-2018-8883 Global buffer overflow nasm-2.13.02rc2
CVE-2018-10016 Division-by-zero nasm-2.14rc0
CVE-2018-9138 Stack Exhaustion binutils-2.29
CVE-2018-9996 Stack Exhaustion binutils-2.29
CVE-2018-10316 Denial-of-Service nasm-2.14rc0
CVE-2018-9251 Denial-of-Service libxml2-2.9.8
CVE-2021-37159 Double Free Linux Kernel
CVE-2022-27950 Memory Leak Linux Kernel
CVE-2022-30868 Uninitialized Use Linux Kernel
CVE-2022-30869 Improper Input Valid. Linux Kernel
CVE-2022-2978 Use After Free Linux Kernel
CVE-2022-3239 Use After Free Linux Kernel
CVE-2022-3577 Out-of-Bound Write Linux Kernel
CVE-2023-2985 Use After Free Linux Kernel

Upstream Linux Kernel Patches

Ranking at #1900 in the whole Linux kernel contributors

Open Source Projects

Research Projects:

Book-in-progress related with Linux Kernel