My main research interests are in the areas of computer networks and security with emphasis on:
Applying static analysis for Android security vetting: The focus is on detecting security issues on Android application. A large portion of those issues can be resolved by addressing one core problem – capturing semantic behaviors of the app such as object points-to and control-/data-flow information. Thus, we designed an approach to conducting static analysis for vetting Android apps, and built a generic framework, called Amandroid, which does inter-component, flow-/context-sensitive data flow analysis. Based on Amandroid, we applied certain security applications on popular Android apps, and the results shows that the tool is capable of finding real security issues and efficient enough in terms of analysis time. Our research paper is accepted by CCS 2014. The Amandroid tool has been downloaded over 10,000 times as of Sep 2017 and become foundation of many research projects (cited over 180 times as of Sep 2017).
Android static analysis tool chain building: Based upon Amandroid work to design a comprehensive Android application analysis tool chain. Then, apply it into domains like: vulnerability finding, malware detection, etc. The current open source tools including: Argus-SAF (Amandroid is a submodule), Argus-CIT (code inspection IDE plugin for eclipse and intellij), jawa-compiler, jawa2java. For detailed information, please visit my project cite: PAG.
Android malware categorization and landscape study: By utilizing the tool chains I built during last couple years, I perform a large-scale landscape study to revealing the new threats and evolving trends of Android malware. This work presents a detailed picture of current malware behaviors and their evolving trend, which provides the Android malware research community a better ground truth dataset, a.k.a. Android Malware Dataset (AMD), for evaluating their approach. AMD have been shared with 50 research institute world-wide.
University of South Florida, Tampa, FL, USA
Ph.D. student in Computer Science, August 2015 – Present
Kansas State University, Manhattan, KS, USA
Ph.D. student in Computer Science, August 2012 - August 2015
People’s Public Security University, Beijing, China
B.S. in Computer Science, September 2008 - June 2012
JD.com American Technologies Corporation, Santa Clara, CA
Research & Development Intern, Sep 2017 - Nov 2017
Supervisor: Yueh-Hsun Lin, Manager: Jimmy Su
I am doing code review for JD’s web framework and applications to identify vulnerabilities. I am also doing hybrid code analysis research to provide automation solutions for java vulnerability finding.
SIG, Synopsys Inc, San Francisco, CA
Research & Development Intern, May 2017 - August 2017
Supervisor: Aaron Hurst, Manager: Timothy Alper
I am working in the Software Integrity Group (SIG) R&D team to design WEB/Android/IOS security checkers for Coverity static analysis tool.
B2B Lab, Samsung Research America, Mountain View, CA
Research & Development Intern, January 2015 - July 2015
Supervisor: Wu Zhou, Manager: Michael Grace
Our team is responsible of providing security solutions for Samsung’s internal products. My work includes:
- Perform static analysis and manual analysis for Samsung KNOX Trust-zone applications, and Samsung Pay backend framework codes.
- Designed an integrated android application reverse engineering and code analysis tool called Argus-CIT (Argus Code Inspect Tool), and implemented as a plugin for IntelliJ.
China Academy of Launch Vehicle Technology, Beijing, China
Research Intern, June 2011 – August 2011
Supervisor: Shuliang Ren
Central Control with MES System Integration Development.
- Participated in the control system interface development of external system which including the enterprise service bus (ESB), Web service and XML.
- The Honor Society of Phi Kappa Phi (ΦΚΦ)
- The cover image is Huang Guo Shu Waterfall (also known as Yellow Fruit Tree Waterfall) near my hometown. It is the world third largest waterfall located on the Baishui (white water) River in Anshun, Guizhou province, China.