Systems Software & Security Lab

We build practical systems with focuses on security, performance, robustness, or often just for fun. Our research projects have been published in top academic conferences, and have made great impacts on real programs, such as Firefox, Android, and the Linux kernel, that you might be using every day. If you are interested in hacking with us, please fill the form (link).

News (all/22/21/20/19/18/17/16/15/14)

  • [01/22/2022] PAL (ARM PAC for Linux) is accepted to USENIX Security!
  • [11/25/2021] $90k DeFi Bug Bounty, from Enzyme Finance
  • [10/26/2021] Rudra got a Distinguished Artifact Award at SOSP'21!
  • [08/08/2021] Rudra is accepted to SOSP'21!
  • [07/21/2021] HardsHeap is accepted to CCS'21!
  • [04/12/2021] C3 is accepted to HotOS'21!
  • [03/31/2021] Sanidhya got the Dissertation Award from CoC!
  • [03/22/2021] SNAP is accepted to CCS'21!
  • [03/12/2021] Fluffy is accepted to OSDI'21!
  • [02/01/2021] Grant by GT CoC to support our Fuzzing Farm construction ($10K)
  • [01/14/2021] Grant by Google to support our JavaScript fuzzing research ($5K)
  • [11/17/2020] Winnie is accepted to NDSS '21
  • [09/28/2020] FFmalloc is accepted to Usenix Security '21
  • [08/25/2020] Revisiting Function Identification with Machine Learning is accepted to MLPA '20
  • [07/30/2020] Slimium and FreeDom are accepted to CCS '20!
  • [07/30/2020] Sanidhya, Meng and Hong start as an assistant professor at EPFL, the University of Waterloo, and Pennsylvania State University!
  • [05/01/2020] Our Pwn2Own 2020 winning submission for Safari is accepted to Black Hat USA 2020!
  • [04/27/2020] Sanidhya got the "Outstanding Research Graduate Research Assistant" Award from CoC!
  • [03/18/2020] Our team won Pwn2Own 2020 by exploiting Apple Safari with a kernel privilege escalation ($70K)!
  • [02/28/2020] Krace is accepted to S&P'20!