Archives of Peking University News - PKU English - 北京大学

北京大学英语新闻网/Peking University News
PKU PhD Candidate Awarded at IEEE
Symposium on Security & Privacy 2010
PKU NEWS 2010--06--07
http://ennews.pku.edu.cn/news.php?s=275981504
Peking University, Beijing, June 7, 2010: On May 19, Wang Tielei, PhD candidate
under the guidance of Prof. Zou Wei from the Institute of Computer Science of
Peking University, reported his paper at IEEE Symposium on Security & Privacy
2010 (IEEE S&P‘ 10), which is the top academic symposium in the information
security field. This is the first time in 31 years for Chinese mainland researchers to
publish a paper in this symposium. Wang Tielei was also given the Best Student
Paper Award.
Since 1980, the IEEE Symposium on Security and Privacy (IEEE S&P) has been the
premier forum for the presentation of developments in computer security and
electronic privacy. The IEEE S&P has always been held at Oakland, California, so it
is also known as the Oakland forum. Reviewing of submitted papers is so strict that
the accepting ratio has only been 11% in the past five years.
The Engineering Research Center of Information Security of Institute of Computer
Science is committed to the research on internet security monitoring and software
security vulnerability analysis. Fuzz testing is an important way on finding security
vulnerabilities in large programs. However, they are ineffective if most generated
malformed inputs are rejected in the early stage of program running, especially when
target programs employ checksum mechanisms to verify the integrity of inputs. In
Wang Tielei‘s paper, he presents TaintScope, an automatic fuzzing system using
dynamic taint analysis and symbolic execution techniques, to tackle the problem
mentioned above. ―TaintScope: A Checksum-Aware Directed Fuzzing Tool for
Automatic Software Vulnerability Detection‖, the submitted paper by Wang Tielei,
was accepted by IEEE S&P‘ 10 after five rounds of rigorous reviews, and was named
as the best student paper.
Wang Tielei finished his work in the group of software security vulnerability analysis
of Engineering Research Center of Information Security. The group is interested in
the fields of software reverse analysis and dynamic and static security vulnerabilities
finding technologies under the guidance of Prof. Wei Tao. They have already found a
number of security vulnerabilities in some popular software, and these vulnerabilities
have been admitted by software vulnerability regulatory agencies, such as CVE and
10