Peking University, Beijing, June 7, 2010: On May 19, Wang Tielei, PhD candidate under the guidance of Prof. Zou Wei from the Institute of Computer Science of Peking University, reported his paper at IEEE Symposium on Security & Privacy 2010 (IEEE S&P’ 10), which is the top academic symposium in the information security field. This is the first time in 31 years for Chinese mainland researchers to publish a paper in this symposium. Wang Tielei was also given the Best Student Paper Award.
Since 1980, the IEEE Symposium on Security and Privacy (IEEE S&P) has been the premier forum for the presentation of developments in computer security and electronic privacy. The IEEE S&P has always been held at Oakland, California, so it is also known as the Oakland forum. Reviewing of submitted papers is so strict that the accepting ratio has only been 11% in the past five years.
The Engineering Research Center of Information Security of Institute of Computer Science is committed to the research on internet security monitoring and software security vulnerability analysis. Fuzz testing is an important way on finding security vulnerabilities in large programs. However, they are ineffective if most generated malformed inputs are rejected in the early stage of program running, especially when target programs employ checksum mechanisms to verify the integrity of inputs. In Wang Tielei’s paper, he presents TaintScope, an automatic fuzzing system using dynamic taint analysis and symbolic execution techniques, to tackle the problem mentioned above. “TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection”, the submitted paper by Wang Tielei, was accepted by IEEE S&P’ 10 after five rounds of rigorous reviews, and was named as the best student paper.
Wang Tielei finished his work in the group of software security vulnerability analysis of Engineering Research Center of Information Security. The group is interested in the fields of software reverse analysis and dynamic and static security vulnerabilities finding technologies under the guidance of Prof. Wei Tao. They have already found a number of security vulnerabilities in some popular software, and these vulnerabilities have been admitted by software vulnerability regulatory agencies, such as CVE and CNVD. Their papers also have been accepted by 14th International Static Analysis Symposium (SAS’ 07) and 16th Annual Network & Distributed System Security Symposium (NDSS’09), which have attracted attention from the related researchers.
Edited by: Connie Chang
Translated by: Su Juan
Source: PKU News (Chinese)