🔬 Let’s break some systems together! Our research directions are listed on this page for your reference and you can reach out to us to learn more. Also, feel free to BYOI (Bring Your Own Ideas) - your input is highly valued!

Research

Our lab develops techniques to improve the security, robustness, and trustworthiness of modern software, operating systems, and cyber-physical systems. We explore both automated analysis techniques and creative attack/defense methods, with an emphasis on scalable, practical, and systematic approaches.

We target a wide range of real-world systems:

  • Cyber-Physical Systems (CPS)
  • Large-scale software (OS, compilers, browsers)
  • ML/AI-based systems (including LLMs)
  • Safety-critical systems, protocols and infrastructures

We utilize and develop methods from:

  • Software engineering (automated testing, static/dynamic analysis)
  • Programming languages and compiler technologies
  • Hardware/software co-analysis
  • Machine learning (for both attack and defense)

1. Automated Vulnerability Discovery and Analysis

img

We design and build techniques to automatically find deep bugs and vulnerabilities in complex software systems.

Current projects include:

  • Specialized kernel bug detection systems (file systems, refcount, etc.)
  • Web browser accessibility-related bug and vulnerability detection
  • Compiler optimization bug identification
  • Vulnerability discovery in open-source anti-virus software
  • Graph-based identification of vulnerable code fragments
  • Automated exploit generation for software vulnerabilities
  • Hybrid, scalable verification of critical software code

2. Cyber-Physical System Security and Robustness

img

We investigate new attack vectors and fortification techniques for cyber-physical systems such as robots, drones, and IoT devices.

Current projects include:

  • Sensor-based attack methods on UAVs
  • Battery depletion attacks on mobile robots
  • Root cause analysis framework for robotic system failures
  • Complete testing of distributed robotic software
  • Automated recovery from robotic failures
  • Customizable swarm testbed for experimentation and attack/defense research
  • Exploring (the imperfectness of) physics simulators
  • Framework to identify logical errors in autonomous driving systems

3. Side Channels, Protocols, and Beyond

img

We explore techniques for analyzing systems and protocols where internals may not be fully visible.

Current projects include:

  • Reconstructing code coverage information through power consumption measurement of black-box IoT devices
  • Anomaly detection via acoustic signatures
  • Secure communication via inaudible acoustic signals
  • Protocol dialecting for low-cost security enhancement (e.g., authentication)

img

We study vulnerabilities and novel applications of Large Language Models (LLMs) and AI in security-critical contexts.

Current projects include:

  • LLM security: discovering vulnerabilities and unintended behaviors in generative models
  • LLM-driven software testing (input generation, behavioral analysis, constraint solving, etc.)
  • Long-term, silent user authentication via deployed LLM agents
  • Security issues in multimodal models, e.g., LLM + VLM (Vision-Language Models)

5. Building Secure System Foundations

img

We pursue cutting-edge techniques and frameworks to improve the security, testing, and analysis of modern computing systems.

Research themes include:

  • Advanced fuzzing and symbolic execution frameworks
  • Automated test generation for complex systems
  • Analysis of hardware/software interactions
  • Security-by-design methodologies for cyber-physical systems