Systems Software & Security Lab

We build practical systems with focuses on security, performance, robustness, or often just for fun. Our research projects have been published in top academic conferences, and have made great impacts on real programs, such as Firefox, Android, and the Linux kernel, that you might be using every day. If you are interested in hacking with us, please fill the form (link).

News (all/20/19/18/17/16/15/14)

  • [09/28/2020] FFmalloc is accepted to Usenix Security '21
  • [08/25/2020] Revisiting Function Identification with Machine Learning is accepted to MLPA '20
  • [07/30/2020] Slimium and FreeDom are accepted to CCS '20!
  • [07/30/2020] Sanidhya, Meng and Hong start as an assistant professor at EPFL, the University of Waterloo, and Pennsylvania State University!
  • [05/01/2020] Our Pwn2Own 2020 winning submission for Safari is accepted to Black Hat USA 2020!
  • [04/27/2020] Sanidhya got the "Outstanding Research Graduate Research Assistant" Award from CoC!
  • [03/18/2020] Our team won Pwn2Own 2020 by exploiting Apple Safari with a kernel privilege escalation ($70K)!
  • [02/28/2020] Krace is accepted to S&P'20!
  • [02/09/2020] DIE is accepted to S&P'20!
  • [01/10/2020] Desensitization is accepted to NDSS'20!
  • [12/18/2019] ArcHeap is accepted to Security'20!
  • [11/13/2019] TypeDive got the Best Paper Award at CCS'19!
  • [11/11/2019] Our talk of ESXi security is accepted to 36C3!
  • [08/14/2019] Apollo is accepted to VLDB '20!
  • [07/30/2019] TypeDive is accepted to CCS '19!
  • [07/22/2019] Hydra, Recipe, Shfllock, and Splitfs (4 papers) are accepted to SOSP '19!
  • [07/11/2019] Google Tech Talk by Wen on file system fuzzing!
  • [06/25/2019] Exploitation chain of VMware ESXi is accepted to WOOT '19
  • [05/24/2019] Razor is accepted to Security'19!
  • [05/24/2019] $15k Bug Bounty from Microsoft (ChakraCore/CVE-2019-0609)