I am an associate professor in the school of Cyber Science and Engineering at Huazhong University of Science and Technology(HUST). I earned my Ph.D. in Computer Science from Nanjing University, and fortunately was supervised by Bing Mao. During my Ph.D. career, I collabrated and studied a lot from Xinyu Xing at Penn State University. My recent projects are focused on Linux Kernel Security and my work is usually published in conferences such as Usenix Security/CCS/NDSS/Oakland, and ASE. And I am a recipient of the ACM CCS Outstanding Paper Award (2018).

[Prospective Students] I am looking for multiple Ph.D. students and undergraduate/graduate research interns who share my academic interests and have a solid background in System/Software Security. If you are interested, please send me emails about your information.

Research interest

My current research focuses on Software and System Security. More specifically, my research interests span the areas of Vulnerability Fuzzing, Vulnerability Analysis (including Crash Deduplication, Crash Diagnosis, Vulnerability Reproduction) and Vulnerability Assessment.

Education

  • Ph.D. (2014.09 - 2019.12), Computer Science and Technology, Nanjing University
  • B.E. (2010.09 - 2014.06), Computer Science and Technology, Zhengzhou University

Experience

  • Associate Professor, Huazhong University of Science and Technology (2020/08 - Now)

  • Research Fellow, Pennsylvania State University (2020/01 - 2020/07)
  • Organizer of 2018 Penn State Cybersecurity Competition, Pennsylvania State University
  • Research Assistant in Software and System Security, Pennsylvania State University (2016 - 2020)
  • Graduate Research and Teaching Assistant, Nanjing University (2014 - 2019)

Honors & Awards

  • Student Travel Grant of 14th ACM ASIACCS, 2019
  • Artificial Intelligence Scholarship at Nanjing University, 2018
  • ACM CCS Outstanding Paper Award (Top 1), 2018
  • Student Travel Grant of 38th IEEE Symposium on Security and Privacy, 2017

Publications

* means equal contribution

Conference Papers

  • [NDSS 22] An In-depth Analysis of Duplicated Linux Kernel Bug Reports [Paper]
    Dongliang Mu, Yuhang Wu, Yueqi Chen, Zhenpeng Lin, Chensheng Yu, Xinyu Xing, Gang Wang
    Proceedings of the Network and Distributed System Security Symposium

  • [Oakland SP 22] GREBE: Unveiling Exploitation Potential for Linux Kernel Bugs [Paper]
    Zhenpeng Lin, Yueqi Chen, Dongliang Mu, Chensheng Yu, Yuhang Wu, Kang Li, Xinyu Xing
    Proceedings of the 43rd IEEE Symposium on Security and Privacy

  • [TrustComm 21] RoBin: Facilitating the Reproduction of Configuration-Related Vulnerability [Paper]
    Ligeng Chen, Jian Guo, Zhongling He, Dongliang Mu, and Bing Mao
    Proceedings of the 20th IEEE International Conference on Trust, Security and Privacy in Computing and Communications

  • [USENIX Security 19] DEEPVSA: Facilitating Value-set Analysis with Deep Learning for Postmortem Program Analysis [Paper]
    Wenbo Guo*, Dongliang Mu*, Xinyu Xing, Min Du, Dawn Song
    Proceedings of the 28th USENIX Security Symposium

  • [AsiaCCS 19] Ptrix: Efficient Hardware-Assisted Fuzzing for COTS Binary [Paper]
    Yaohui Chen*, Dongliang Mu*, Jun Xu, Zhichuang Sun, Wenbo Shen, Xinyu Xing, Long Lu, Bing Mao
    Proceedings of the 14th ACM ASIA Conference on Computer and Communications Security

  • [ASE 19] RENN: Efficient Reverse Execution with Neural-Network-assisted Alias Analysis [Paper]
    Dongliang Mu*, Wenbo Guo*, Alejandro Cuevas, Yueqi Chen, Jinxuan Gai, Xinyu Xing, Bing Mao, Chengyu Song
    Proceedings of the 34th IEEE/ACM International Conference on Automated Software Engineering

  • [PRICAI 19] Building Adversarial Defense with Non-invertible Data Transformations [Paper]
    Wenbo Guo, Dongliang Mu, Ligeng Chen, Jinxuan Gai
    Proceedings of the 16th Pacific Rim International Conference on Artificial Intelligence

  • [USENIX Security 18] Understanding the Reproducibility of Crowd-reported Security Vulnerabilities [Paper]
    Dongliang Mu, Alejandro Cuevas, Limin Yang, Hang Hu, Xinyu Xing, Bing Mao, Gang Wang
    Proceedings of the 27th USENIX Security Symposium

  • [ACM CCS 18] LEMNA: Explaining Deep Learning based Security Applications [Paper]
    Wenbo Guo, Dongliang Mu, Jun Xu, Purui Su, Gang Wang, Xinyu Xing
    Proceedings of The 25th ACM Conference on Computer and Communications Security Outstanding paper award

  • [USENIX Security 17] POMP: Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts [Paper]
    Jun Xu, Dongliang Mu, Xinyu Xing, Peng Liu, Ping Chen, Bing Mao
    Proceedings of the 26th USENIX Security Symposium

  • [SecureCOMM 17] ROPOB: Obfuscating Binary Code via ReturnOriented Programming [Paper]
    Dongliang Mu, Jia Guo, Wenbiao Ding, Zhilong Wang, Bing Mao, Lei Shi
    International Conference on Security and Privacy in Communication Systems

  • [SecureCOMM 17] DiffGuard: Obscuring Sensitive Information in Canary Based Protections [Paper]
    Jun Zhu, Weiping Zhou, Zhilong Wang, Dongliang Mu, Bing Mao
    International Conference on Security and Privacy in Communication Systems

  • [ACM CCS 16] CREDAL: Towards Locating a Memory Corruption Vulnerability with Your Core Dump [Paper]
    Jun Xu, Dongliang Mu, Ping Chen, Xinyu Xing, Pei Wang, Peng Liu
    Proceedings of the 23nd ACM Conference on Computer and Communications Security

Journal Papers

  • [TSE 19] POMP++: Facilitating Postmortem Program Diagnosis with Value-set Analysis [Paper]
    Dongliang Mu, Yunlan Du, Jianhao Xu, Jun Xu, Xinyu Xing, Bing Mao, Peng Liu
    IEEE Transactions on Software Engineering

Talks

Open Source Projects

Research Projects:

Book-in-progress related with Linux Kernel

CVEs discovered by me

CVE ID Vulnerability Type Vulnerable Software
CVE-2018-8816 Stack Exhaustion perl-5.26.1
CVE-2018-8881 Heap buffer overflow nasm-2.13.02rc2
CVE-2018-8882 Stack buffer overflow nasm-2.13.02rc2
CVE-2018-8883 Global buffer overflow nasm-2.13.02rc2
CVE-2018-10016 Division-by-zero nasm-2.14rc0
CVE-2018-9138 Stack Exhaustion binutils-2.29
CVE-2018-9996 Stack Exhaustion binutils-2.29
CVE-2018-10316 Denial-of-Service nasm-2.14rc0
CVE-2018-9251 Denial-of-Service libxml2-2.9.8
CVE-2021-37159 Double Free Linux Kernel
CVE-2022-27950 Memory Leak Linux Kernel

Upstream Linux Kernel Bug Patches

Age Kernel Commits
2022-03-22 ntfs: add sanity check on allocation size
2022-03-17 fs: erofs: add sanity check for kobject in erofs_unregister_sysfs
2022-03-14 btrfs: don’t access possibly stale fs_info data in device_list_add
2022-03-07 media: hdpvr: initialize dev->worker at hdpvr_register_videodev
2022-02-22 media: em28xx: initialize refcount before kref_get
2022-01-24 HID: elo: fix memory leak in elo_probe
2021-12-06 spi: change clk_disable_unprepare to clk_unprepare
2021-12-03 usb: bdc: fix error handling code in bdc_resume
2021-11-30 dpaa2-eth: destroy workqueue at the end of remove function
2021-11-09 f2fs: fix UAF in f2fs_available_free_memory
2021-10-27 fs: reiserfs: remove useless new_opts in reiserfs_remount
2021-10-25 dmaengine: tegra210-adma: fix pm runtime unbalance in tegra_adma_remove
2021-10-25 dmaengine: tegra210-adma: fix pm runtime unbalance
2021-10-25 dmaengine: rcar-dmac: refactor the error handling code of rcar_dmac_probe
2021-10-24 can: xilinx_can: xcan_remove(): remove redundant netif_napi_del()
2021-10-07 memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe
2021-09-23 JFS: fix memleak in jfs_mount
2021-08-13 ipack: tpci200: fix memory leak in the tpci200_register
2021-08-13 ipack: tpci200: fix many double free issues in tpci200_pci_probe
2021-08-04 media: em28xx-input: fix refcount bug in em28xx_usb_disconnect
2021-07-22 spi: meson-spicc: fix memory leak in meson_spicc_remove
2021-07-22 media: dvb-usb: Fix error handling in dvb_usb_i2c_init
2021-07-22 media: dvb-usb: fix uninit-value in vp702x_read_mac_addr
2021-07-22 media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init
2021-07-21 usb: hso: remove the bailout parameter
2021-07-21 usb: hso: fix error handling code of hso_create_net_device
2021-07-17 netfilter: nf_tables: fix audit memory leak in nf_tables_commit
2021-07-15 usb: hso: fix error handling code of hso_create_net_device
2021-07-08 ieee802154: hwsim: fix GPF in hwsim_new_edge_nl
2021-07-07 ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi
2021-06-22 ieee802154: hwsim: Fix memory leak in hwsim_add_one
2021-06-18 net: caif: modify the label out_err to out
2021-06-16 net: usb: fix possible use-after-free in smsc75xx_bind
2021-06-14 ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others
2021-06-08 media: dvd_usb: memory leak in cinergyt2_fe_attach
2021-06-02 ALSA: control led: fix memory leak in snd_ctl_led_register
2021-05-21 misc/uss720: fix memory leak in uss720_probe
2021-05-17 NFC: nci: fix memory leak in nci_allocate_device
2021-01-26 usbnet: fix the indentation of one code snippet
2018-08-08 scsi: aacraid: Spelling fix in comment