About Me
- Research interest
- Education
- Experience
- Honors & Awards
- Publications
- Talks
- CVEs discovered by me
- Upstream Linux Kernel Patches
I am an Associate Professor in the School of Cyber Science and Engineering at Huazhong University of Science and Technology (HUST). I earned my Ph.D. in Computer Science from Nanjing University, where I collaborated extensively with Professor Xinyu Xing at Penn State University. My research focuses on Linux kernel security, with recent work published at top-tier conferences including IEEE S&P (Oakland), USENIX Security, ACM CCS, NDSS, and ASE. Additionally, I am actively exploring emerging areas at LLM for Security, as well as automotive operating system security, with a focus on real-world industrial applications. I am honored to be a recipient of the ACM CCS 2018 Outstanding Paper Award and the 2023 Google Open Source Peer Bonus Award for contributions to the Linux kernel and Syzkaller. Additionally, I was recognized in the 2022 and 2024 Wuhan Talent Programs for my research achievements.
[Prospective Students] I am looking for multiple Ph.D. students and undergraduate/graduate research interns who share my academic interests and have a solid background in System/Software Security. If you are interested, please send me emails about your information.
Research interest
My research centers on Software and System Security, with a focus on developing automated frameworks for vulnerability discovery and lifecycle management. I specialize in advancing fuzzing techniques to uncover zero-day vulnerabilities in complex systems, while also designing methodologies for Vulnerability Reproduction, Crash Deduplication, Vulnerability Root Cause Analysis, Vulnerability Assessment, Vulnerability Patching and etc. I am interested in the OS kernel security, the security of Internet of Vehicles (IoV) and LLMs for Security.
Education
- Ph.D. (2014.09 - 2019.12), Computer Science and Technology, Nanjing University
- B.E. (2010.09 - 2014.06), Computer Science and Technology, Zhengzhou University
Experience
- Associate Professor, Huazhong University of Science and Technology (2020/08 - Now)
- Research Fellow, Pennsylvania State University (2020/01 - 2020/07)
- Organizer of 2018 Penn State Cybersecurity Competition, Pennsylvania State University
- Research Assistant in Software and System Security, Pennsylvania State University (2016 - 2020)
- Graduate Research and Teaching Assistant, Nanjing University (2014 - 2019)
Honors & Awards
- Wuhan Talent Program, 2024
- Google Open Source Peer Award, 2023
- Wuhan Talent Program, 2022
- ACM CCS Outstanding Paper Award (Top 1), 2018
Publications
* means equal contribution
Conference Papers
-
[USENIX Security 25] PatchAgent: A Practical Program Repair Agent Mimicking Human Expertise [Paper]
Zheng Yu, Ziyi Guo, Yuhang Wu, Jiahao Yu, Meng Xu, Dongliang Mu, Yan Chen, Xinyu Xing
Proceedings of the 34nd USENIX Security Symposium -
[USENIX Security 23] Mitigating Security Risks in Linux with KLAUS : A Method for Evaluating Patch Correctness [Paper]
Yuhang Wu, Zhenpeng Lin, Yueqi Chen, Dang Le, Dongliang Mu, Xinyu Xing
Proceedings of the 32nd USENIX Security Symposium -
[NDSS 22] An In-depth Analysis of Duplicated Linux Kernel Bug Reports [Paper]
Dongliang Mu, Yuhang Wu, Yueqi Chen, Zhenpeng Lin, Chensheng Yu, Xinyu Xing, Gang Wang
Proceedings of the Network and Distributed System Security Symposium -
[Oakland SP 22] GREBE: Unveiling Exploitation Potential for Linux Kernel Bugs [Paper]
Zhenpeng Lin, Yueqi Chen, Dongliang Mu, Chensheng Yu, Yuhang Wu, Kang Li, Xinyu Xing
Proceedings of the 43rd IEEE Symposium on Security and Privacy (CSAW 22 Finalist) -
[TrustComm 21] RoBin: Facilitating the Reproduction of Configuration-Related Vulnerability [Paper]
Ligeng Chen, Jian Guo, Zhongling He, Dongliang Mu, and Bing Mao
Proceedings of the 20th IEEE International Conference on Trust, Security and Privacy in Computing and Communications -
[USENIX Security 19] DEEPVSA: Facilitating Value-set Analysis with Deep Learning for Postmortem Program Analysis [Paper]
Wenbo Guo*, Dongliang Mu*, Xinyu Xing, Min Du, Dawn Song
Proceedings of the 28th USENIX Security Symposium -
[AsiaCCS 19] Ptrix: Efficient Hardware-Assisted Fuzzing for COTS Binary [Paper]
Yaohui Chen*, Dongliang Mu*, Jun Xu, Zhichuang Sun, Wenbo Shen, Xinyu Xing, Long Lu, Bing Mao
Proceedings of the 14th ACM ASIA Conference on Computer and Communications Security -
[ASE 19] RENN: Efficient Reverse Execution with Neural-Network-assisted Alias Analysis [Paper]
Dongliang Mu*, Wenbo Guo*, Alejandro Cuevas, Yueqi Chen, Jinxuan Gai, Xinyu Xing, Bing Mao, Chengyu Song
Proceedings of the 34th IEEE/ACM International Conference on Automated Software Engineering -
[PRICAI 19] Building Adversarial Defense with Non-invertible Data Transformations [Paper]
Wenbo Guo, Dongliang Mu, Ligeng Chen, Jinxuan Gai
Proceedings of the 16th Pacific Rim International Conference on Artificial Intelligence -
[USENIX Security 18] Understanding the Reproducibility of Crowd-reported Security Vulnerabilities [Paper]
Dongliang Mu, Alejandro Cuevas, Limin Yang, Hang Hu, Xinyu Xing, Bing Mao, Gang Wang
Proceedings of the 27th USENIX Security Symposium -
[ACM CCS 18] LEMNA: Explaining Deep Learning based Security Applications [Paper]
Wenbo Guo, Dongliang Mu, Jun Xu, Purui Su, Gang Wang, Xinyu Xing
Proceedings of The 25th ACM Conference on Computer and Communications Security Outstanding paper award -
[USENIX Security 17] POMP: Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts [Paper]
Jun Xu, Dongliang Mu, Xinyu Xing, Peng Liu, Ping Chen, Bing Mao
Proceedings of the 26th USENIX Security Symposium -
[SecureCOMM 17] ROPOB: Obfuscating Binary Code via ReturnOriented Programming [Paper]
Dongliang Mu, Jia Guo, Wenbiao Ding, Zhilong Wang, Bing Mao, Lei Shi
International Conference on Security and Privacy in Communication Systems -
[SecureCOMM 17] DiffGuard: Obscuring Sensitive Information in Canary Based Protections [Paper]
Jun Zhu, Weiping Zhou, Zhilong Wang, Dongliang Mu, Bing Mao
International Conference on Security and Privacy in Communication Systems -
[ACM CCS 16] CREDAL: Towards Locating a Memory Corruption Vulnerability with Your Core Dump [Paper]
Jun Xu, Dongliang Mu, Ping Chen, Xinyu Xing, Pei Wang, Peng Liu
Proceedings of the 23nd ACM Conference on Computer and Communications Security
Journal Papers
-
[ToSEM 23] Characterizing and Detecting WebAssembly Runtime Bugs [Paper]
Yixuan Zhang, Shangtong Cao, Haoyu Wang, Zhenpeng Chen, Xiapu Luo, Dongliang Mu, Yun Ma, Gang Huang, Xuanzhe Liu
ACM Transactions on Software Engineering and Methodology -
[TDSC 23] Towards Unveiling Exploitation Potential with Multiple Error Behaviors for Kernel Bugs [Paper]
Ziqin Liu, Zhenpeng Lin, Yueqi Chen, Yuhang Wu, Yalong Zou, Dongliang Mu, and Xinyu Xing
IEEE Transactions on Dependable and Secure Computing -
[TSE 19] POMP++: Facilitating Postmortem Program Diagnosis with Value-set Analysis [Paper]
Dongliang Mu, Yunlan Du, Jianhao Xu, Jun Xu, Xinyu Xing, Bing Mao, Peng Liu
IEEE Transactions on Software Engineering
Talks
- Facilitating the Removal of Kernel Vulnerability with Crash Triage
- ASSS 2022 Workshop (co-located with Euro S&P 2022), Genoa, Italy
- Towards Facilitating the Removal of Software Vulnerability
- Security Seminar, Qingdao, Shandong, China
- InforSec Workshop, Wuhan, Hubei, China
- Ptrix: Efficient Hardware-Assisted Fuzzing for COTS Binary
- AsiaCCS 2019, Auckland, New Zealand
- Towards Facilitating the Removal of Software Defects
- QiZhen Youth Forum in Zhejiang University 2019, Zhejiang, China
- From Physical Security to Cyber Security: How to forge data spoofing personalized auto insurance
- Geekpwn China 2018, Shanghai, China
- Understanding the Reproducibility of Crowd-reported Security Vulnerabilities
- USENIX Security 2018, Baltimore, USA
CVEs discovered by me
CVE ID | Vulnerability Type | Vulnerable Software |
---|---|---|
CVE-2018-8816 | Stack Exhaustion | perl-5.26.1 |
CVE-2018-8881 | Heap buffer overflow | nasm-2.13.02rc2 |
CVE-2018-8882 | Stack buffer overflow | nasm-2.13.02rc2 |
CVE-2018-8883 | Global buffer overflow | nasm-2.13.02rc2 |
CVE-2018-10016 | Division-by-zero | nasm-2.14rc0 |
CVE-2018-9138 | Stack Exhaustion | binutils-2.29 |
CVE-2018-9996 | Stack Exhaustion | binutils-2.29 |
CVE-2018-10316 | Denial-of-Service | nasm-2.14rc0 |
CVE-2018-9251 | Denial-of-Service | libxml2-2.9.8 |
CVE-2021-37159 | Double Free | Linux Kernel |
CVE-2022-27950 | Memory Leak | Linux Kernel |
CVE-2022-30868 | Uninitialized Use | Linux Kernel |
CVE-2022-30869 | Improper Input Valid. | Linux Kernel |
CVE-2022-2978 | Use After Free | Linux Kernel |
CVE-2022-3239 | Use After Free | Linux Kernel |
CVE-2022-3577 | Out-of-Bound Write | Linux Kernel |
CVE-2023-2985 | Use After Free | Linux Kernel |
Upstream Linux Kernel Patches
Become a Reviewer for Chinese Translation Subsystem in Linux Kernel
-
100 accepted patches. See more details in Linux kernel mainline
-
100 accepted patches. See more details in Linux kernel linux-next