个人简介
我目前担任华中科技大学(Huazhong University of Science and Technology, HUST)网络空间安全学院副教授。我毕业于南京大学,获计算机科学与技术系博士学位,读博期间曾与美国宾夕法尼亚州立大学的邢新宇教授开展深入合作。我的研究工作由我所在的开源操作系统优化安全实验室(OS³ Lab,Open Source Operating System Optimal Security Lab) 团队共同开展,核心研究方向为 Linux 内核安全,近期相关成果已发表于多个国际顶级学术会议,包括 IEEE Oakland S&P, USENIX Security, ACM CCS, NDSS, and ASE。此外,我与团队当前正积极探索新兴研究领域,涵盖大语言模型(LLM)安全应用、车载操作系统安全,且研究重点均围绕实际工业应用场景展开。
我曾荣获2018年ACM CCS杰出论文奖(ACM CCS 2018 Outstanding Paper Award),并因对Linux内核及Syzkaller(内核模糊测试工具)的贡献,获得2023年谷歌开源同行奖励计划(2023 Google Open Source Peer Bonus Award)。此外,我的研究成果还先后获得认可,于 2022年、2024 年入选武汉市人才计划(Wuhan Talent Programs)。
[招收意向学生] 我拟招收多名博士生和硕士生,同时招收本科及研究生实习生。申请者需在系统/软件安全(System/Software Security)领域具备扎实的专业基础。若有意向,请发送包含个人相关信息的邮件至我的邮箱:dzm91@hust.edu.cn。
研究兴趣
我目前的研究方向聚焦于软件与系统安全(Software and System Security)。具体而言,我的研究兴趣涵盖以下领域:漏洞模糊测试(Vulnerability Fuzzing)、漏洞分析(含崩溃去重(Crash Deduplication)、崩溃诊断(Crash Diagnosis)、漏洞复现(Vulnerability Reproduction))及漏洞评估(Vulnerability Assessment)。此外,我还关注操作系统内核安全(OS kernel security)与车联网(Internet of Vehicles, IoV)安全领域的研究。
教育背景
- 博士 (2014.09 - 2019.12), 计算机科学与技术,南京大学
- 导师: 茅兵教授
- 本科 (2010.09 - 2014.06), Computer Science and Technology, Zhengzhou University 计算机科学与技术,郑州大学
荣誉奖项
- 武汉英才领军人才, 2024
- 谷歌开源贡献奖, 2023
- 武汉英才优秀青年人才, 2022
- ACM CCS 杰出论文奖, 2018
论文
* 意味着相同贡献
会议论文
-
[Oakland SP 26] PORTGPT: Towards Automated Backporting Using Large Language [Paper]
Zhaoyang Li, Zheng Yu, Jingyi Song, Meng Xu, Yuxuan Luo, Dongliang Mu
Proceedings of the 46rd IEEE Symposium on Security and Privacy -
[Black Hat Europe 25] Token Injection: Crashing LLM Inference With Special Tokens
Pengyu Ding, Ziteng Xu, Zhiniang Peng, Dongliang Mu
Proceedings of the 2025 Black Hat Europe -
[VehicleSec 25] WIP: QKSAN: Towards Multiple Sanitizers for In-vehicle COTS OS Kernels [Paper]
Yalong Zou, Ziqiu Cheng, Dongliang Mu
Proceedings of the 3rd USENIX Symposium on Vehicle Security and Privacy -
[USENIX Security 25] PatchAgent: A Practical Program Repair Agent Mimicking Human Expertise [Paper]
Zheng Yu, Ziyi Guo, Yuhang Wu, Jiahao Yu, Meng Xu, Dongliang Mu, Yan Chen, Xinyu Xing
Proceedings of the 34nd USENIX Security Symposium -
[USENIX Security 23] Mitigating Security Risks in Linux with KLAUS : A Method for Evaluating Patch Correctness [Paper]
Yuhang Wu, Zhenpeng Lin, Yueqi Chen, Dang Le, Dongliang Mu, Xinyu Xing
Proceedings of the 32nd USENIX Security Symposium -
[NDSS 22] An In-depth Analysis of Duplicated Linux Kernel Bug Reports [Paper]
Dongliang Mu, Yuhang Wu, Yueqi Chen, Zhenpeng Lin, Chensheng Yu, Xinyu Xing, Gang Wang
Proceedings of the Network and Distributed System Security Symposium -
[Oakland SP 22] GREBE: Unveiling Exploitation Potential for Linux Kernel Bugs [Paper]
Zhenpeng Lin, Yueqi Chen, Dongliang Mu, Chensheng Yu, Yuhang Wu, Kang Li, Xinyu Xing
Proceedings of the 43rd IEEE Symposium on Security and Privacy (CSAW 22 Finalist) -
[TrustComm 21] RoBin: Facilitating the Reproduction of Configuration-Related Vulnerability [Paper]
Ligeng Chen, Jian Guo, Zhongling He, Dongliang Mu, and Bing Mao
Proceedings of the 20th IEEE International Conference on Trust, Security and Privacy in Computing and Communications -
[USENIX Security 19] DEEPVSA: Facilitating Value-set Analysis with Deep Learning for Postmortem Program Analysis [Paper]
Wenbo Guo*, Dongliang Mu*, Xinyu Xing, Min Du, Dawn Song
Proceedings of the 28th USENIX Security Symposium -
[AsiaCCS 19] Ptrix: Efficient Hardware-Assisted Fuzzing for COTS Binary [Paper]
Yaohui Chen*, Dongliang Mu*, Jun Xu, Zhichuang Sun, Wenbo Shen, Xinyu Xing, Long Lu, Bing Mao
Proceedings of the 14th ACM ASIA Conference on Computer and Communications Security -
[ASE 19] RENN: Efficient Reverse Execution with Neural-Network-assisted Alias Analysis [Paper]
Dongliang Mu*, Wenbo Guo*, Alejandro Cuevas, Yueqi Chen, Jinxuan Gai, Xinyu Xing, Bing Mao, Chengyu Song
Proceedings of the 34th IEEE/ACM International Conference on Automated Software Engineering -
[PRICAI 19] Building Adversarial Defense with Non-invertible Data Transformations [Paper]
Wenbo Guo, Dongliang Mu, Ligeng Chen, Jinxuan Gai
Proceedings of the 16th Pacific Rim International Conference on Artificial Intelligence -
[USENIX Security 18] Understanding the Reproducibility of Crowd-reported Security Vulnerabilities [Paper]
Dongliang Mu, Alejandro Cuevas, Limin Yang, Hang Hu, Xinyu Xing, Bing Mao, Gang Wang
Proceedings of the 27th USENIX Security Symposium -
[ACM CCS 18] LEMNA: Explaining Deep Learning based Security Applications [Paper]
Wenbo Guo, Dongliang Mu, Jun Xu, Purui Su, Gang Wang, Xinyu Xing
Proceedings of The 25th ACM Conference on Computer and Communications Security Outstanding paper award -
[USENIX Security 17] POMP: Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts [Paper]
Jun Xu, Dongliang Mu, Xinyu Xing, Peng Liu, Ping Chen, Bing Mao
Proceedings of the 26th USENIX Security Symposium -
[SecureCOMM 17] ROPOB: Obfuscating Binary Code via ReturnOriented Programming [Paper]
Dongliang Mu, Jia Guo, Wenbiao Ding, Zhilong Wang, Bing Mao, Lei Shi
International Conference on Security and Privacy in Communication Systems -
[SecureCOMM 17] DiffGuard: Obscuring Sensitive Information in Canary Based Protections [Paper]
Jun Zhu, Weiping Zhou, Zhilong Wang, Dongliang Mu, Bing Mao
International Conference on Security and Privacy in Communication Systems -
[ACM CCS 16] CREDAL: Towards Locating a Memory Corruption Vulnerability with Your Core Dump [Paper]
Jun Xu, Dongliang Mu, Ping Chen, Xinyu Xing, Pei Wang, Peng Liu
Proceedings of the 23nd ACM Conference on Computer and Communications Security
期刊论文
-
[ToSEM 23] Characterizing and Detecting WebAssembly Runtime Bugs [Paper]
Yixuan Zhang, Shangtong Cao, Haoyu Wang, Zhenpeng Chen, Xiapu Luo, Dongliang Mu, Yun Ma, Gang Huang, Xuanzhe Liu
ACM Transactions on Software Engineering and Methodology -
[TDSC 23] Towards Unveiling Exploitation Potential with Multiple Error Behaviors for Kernel Bugs [Paper]
Ziqin Liu, Zhenpeng Lin, Yueqi Chen, Yuhang Wu, Yalong Zou, Dongliang Mu, and Xinyu Xing
IEEE Transactions on Dependable and Secure Computing -
[TSE 19] POMP++: Facilitating Postmortem Program Diagnosis with Value-set Analysis [Paper]
Dongliang Mu, Yunlan Du, Jianhao Xu, Jun Xu, Xinyu Xing, Bing Mao, Peng Liu
IEEE Transactions on Software Engineering
报告
- Facilitating the Removal of Kernel Vulnerability with Crash Triage
- ASSS 2022 Workshop (co-located with Euro S&P 2022), Genoa, Italy
- Towards Facilitating the Removal of Software Vulnerability
- Security Seminar, Qingdao, Shandong, China
- InforSec Workshop, Wuhan, Hubei, China
- Ptrix: Efficient Hardware-Assisted Fuzzing for COTS Binary
- AsiaCCS 2019, Auckland, New Zealand
- Towards Facilitating the Removal of Software Defects
- QiZhen Youth Forum in Zhejiang University 2019, Zhejiang, China
- From Physical Security to Cyber Security: How to forge data spoofing personalized auto insurance
- Geekpwn China 2018, Shanghai, China
- Understanding the Reproducibility of Crowd-reported Security Vulnerabilities
- USENIX Security 2018, Baltimore, USA
发现的 CVEs
| CVE ID | Vulnerability Type | Vulnerable Software |
|---|---|---|
| CVE-2018-8816 | Stack Exhaustion | perl-5.26.1 |
| CVE-2018-8881 | Heap buffer overflow | nasm-2.13.02rc2 |
| CVE-2018-8882 | Stack buffer overflow | nasm-2.13.02rc2 |
| CVE-2018-8883 | Global buffer overflow | nasm-2.13.02rc2 |
| CVE-2018-10016 | Division-by-zero | nasm-2.14rc0 |
| CVE-2018-9138 | Stack Exhaustion | binutils-2.29 |
| CVE-2018-9996 | Stack Exhaustion | binutils-2.29 |
| CVE-2018-10316 | Denial-of-Service | nasm-2.14rc0 |
| CVE-2018-9251 | Denial-of-Service | libxml2-2.9.8 |
| CVE-2021-37159 | Double Free | Linux Kernel |
| CVE-2022-27950 | Memory Leak | Linux Kernel |
| CVE-2022-30868 | Uninitialized Use | Linux Kernel |
| CVE-2022-30869 | Improper Input Valid. | Linux Kernel |
| CVE-2022-2978 | Use After Free | Linux Kernel |
| CVE-2022-3239 | Use After Free | Linux Kernel |
| CVE-2022-3577 | Out-of-Bound Write | Linux Kernel |
| CVE-2023-2985 | Use After Free | Linux Kernel |
上游补丁
- 124 被接收的补丁,详见 Linux kernel mainline