I am a Ph.D. candidate in the department of Computer Science and Engineering at University of South Florida, and honored to be advised by Dr.Xinming (Simon) Ou. Furthermore, I am a member of Argus CyberSecurity Lab.

Research

My main research interests are in the areas of computer networks and security with emphasis on:

  • Applying static analysis for Android security vetting: The focus is on detecting security issues on Android application. A large portion of those issues can be resolved by addressing one core problem – capturing semantic behaviors of the app such as object points-to and control-/data-flow information. Thus, we designed an approach to conducting static analysis for vetting Android apps, and built a generic framework, called Amandroid, which does inter-component, flow-/context-sensitive data flow analysis. Based on Amandroid, we applied certain security applications on popular Android apps, and the results shows that the tool is capable of finding real security issues and efficient enough in terms of analysis time. Our research paper is accepted by CCS 2014. The Amandroid tool has been downloaded over 10,000 times as of Sep 2017 and become foundation of many research projects (cited over 180 times as of Sep 2017).
  • Android static analysis tool chain building: Based upon Amandroid work to design a comprehensive Android application analysis tool chain. Then, apply it into domains like: vulnerability finding, malware detection, etc. The current open source tools including: Argus-SAF (Amandroid is a submodule), Argus-CIT (code inspection IDE plugin for eclipse and intellij), jawa-compiler, jawa2java. For detailed information, please visit my project cite: PAG.
  • Android malware categorization and landscape study: By utilizing the tool chains I built during last couple years, I perform a large-scale landscape study to revealing the new threats and evolving trends of Android malware. This work presents a detailed picture of current malware behaviors and their evolving trend, which provides the Android malware research community a better ground truth dataset, a.k.a. Android Malware Dataset (AMD), for evaluating their approach. AMD have been shared with 50 research institute world-wide.

Education

University of South Florida, Tampa, FL, USA

Ph.D. student in Computer Science, August 2015 – Present

Kansas State University, Manhattan, KS, USA

Ph.D. student in Computer Science, August 2012 - August 2015

People’s Public Security University, Beijing, China

B.S. in Computer Science, September 2008 - June 2012

Industry Experience

JD.com American Technologies Corporation, Santa Clara, CA

Research & Development Intern, Sep 2017 - Nov 2017
Supervisor: Yueh-Hsun Lin

I am working in the security group and doing code analysis related research.

SIG, Synopsys Inc, San Francisco, CA

Research & Development Intern, May 2017 - August 2017
Supervisor: Aaron Hurst, Manager: Timothy Alper

I am working in the Software Integrity Group (SIG) R&D team to design WEB/Android/IOS security checkers for Coverity static analysis tool.

B2B Lab, Samsung Research America, Mountain View, CA

Research & Development Intern, January 2015 - July 2015
Supervisor: Wu Zhou, Manager: Michael Grace

Our team is responsible of providing security solutions for Samsung’s internal products. My work includes:

  • Perform static analysis and manual analysis for Samsung KNOX Trust-zone applications, and Samsung Pay backend framework codes.
  • Designed an integrated android application reverse engineering and code analysis tool called Argus-CIT (Argus Code Inspect Tool), and implemented as a plugin for IntelliJ.

China Academy of Launch Vehicle Technology, Beijing, China

Research Intern, June 2011 – August 2011
Supervisor: Shuliang Ren

Central Control with MES System Integration Development.

  • Participated in the control system interface development of external system which including the enterprise service bus (ESB), Web service and XML.

Professional Affiliations

miscellaneous

  • I play a little Harmonica (Blues harp and Chromatic), Piano, and Guitar, non-professional, just for enjoyment.
  • I am currently 5th kyū in Aikido. Aikido (Japanese: 合気道) [aikiꜜdoː] is a modern Japanese martial art developed by Morihei Ueshiba as a synthesis of his martial studies, philosophy, and religious beliefs.
  • The cover image is Huang Guo Shu Waterfall (also known as Yellow Fruit Tree Waterfall) near my hometown. It is the world third largest waterfall located on the Baishui (white water) River in Anshun, Guizhou province, China.