Basic Information

My name is Dongliang Mu.

  • Education
    • Undergraduate(2010.09 - 2014.06), Computer Science and Technology, Zhengzhou University
    • Ph.D (2014.09 - Now), Computer Science and Technology, Nanjing University
  • Major field : Software Security & System Security
    • Vulnerability Reproduction
    • Postmortem Program Analysis
    • Vulnerability Diagnose
    • Binary Analysis

Experience

  • Research Assistant in Pennsylvania State University
    • Adviser: Dr. Xinyu Xing
    • Topic: Diagnose on process/OS crashes/panics
  • Talk in the GeekPwn China 2018 in Shanghai
    • Name: From Physical Security to Cyber Security: How to forge data spoofing personalized auto insurance
  • Organizer of 2018 Penn State Cybersecurity Competition in Pennsylvania State University

Publications

[1] Xu, J., Mu, D., Chen, P., Wang, P., Xing, X., Liu, P., “CREDAL: Towards Locating a Memory Corruption Vulnerability with Your Core Dump”, In Proceedings of the 23nd ACM Conference on Computer and Communications Security (CCS 2016), Vienna, Austria, October 2016.

[2] Xu, J., Mu, D., Xing, X., Liu, P., Chen, P., Mao, B., “POMP: Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts”, In Proceedings of the 26th USENIX Security Symposium (USENIX Security 17), VANCOUVER, BC, CANADA, AUGUST 2017.

[3] Mu, D., Guo, J., Ding, W., Wang, Z., Mao, B., Shi, L., “ROPOB: Obfuscating Binary Code via ReturnOriented Programming.” In International Conference on Security and Privacy in Communication Systems (SecureCOMM 17), Niagara Falls, Canada, October 2017.

[4] Mu, D., Cuevas, A., Yang, L., Hu, H., Wang, G., Xing, X., Mao, B., “Understanding the Reproducibility of Crowd-reported Security Vulnerabilities”, In Proceedings of the 27th USENIX Security Symposium (USENIX Security 18), BALTIMORE, MD, USA, AUGUST 2018.

[5] Guo, W., Mu, D., Xu, J., Su, P., Wang, G. , Xing, X., “LEMNA: Explaining Deep Learning based Security Applications”, In Proceedings of The 25th ACM Conference on Computer and Communications Security (CCS 2018), Toronto, Canada, October 2018. (Outstanding paper award)

[6] Guo, W.*, Mu, D.*, Xing, X., Du, M., Song, D., “DEEPVSA: Facilitating Value-set Analysis with Deep Learning for Postmortem Program Analysis”, In Proceedings of the 28th USENIX Security Symposium (USENIX Security 2019), Santa Clara, US, August 2019.

[7] Chen, Y.*, Mu, D.*, Sun, Z., Xu, J., Shen, W., Xing, X., Lu, L., Mao B., “Ptrix: Efficient Hardware-Assisted Fuzzing for COTS Binary”, In Proceedings of the 14th ACM ASIA Conference on Computer and Communications Security (AsiaCCS 2019), AUCKLAND, NEW ZEALAND, July 2019

Note that * means equal contribution

CVEs discovered by me

CVE ID Vulnerability Type Vulnerable Software
CVE-2018-8816 Stack Exhaustion perl-5.26.1
CVE-2018-8881 Heap buffer overflow nasm-2.13.02rc2
CVE-2018-8882 Stack buffer overflow nasm-2.13.02rc2
CVE-2018-8883 Global buffer overflow nasm-2.13.02rc2
CVE-2018-10016 Division-by-zero nasm-2.14rc0
CVE-2018-9138 Stack Exhaustion binutils-2.29
CVE-2018-9996 Stack Exhaustion binutils-2.29
CVE-2018-10316 Denial-of-Service nasm-2.14rc0
CVE-2018-9251 Denial-of-Service libxml2-2.9.8

Open Source Projects

The following projects are Github / Bitbucket Repositories I maintained or contributed.

Research Projects:

Book-in-progress related with Linux Kernel

Misc Projects:

If you need my full CV, please feel free to contact me.