Qingkai Zeng

Code reuse attacks have become one of the most popular exploitation techniques, and coarse-grained control flow integrity (CFI) is a practical approach used to prevent such attacks. Recently, some new approaches have been proposed to construct call-preceded-ROP attacks to bypass coarse-grained CFI; however, we find that they still fail to bypass shadow…
Integer-Overflow-to-Buffer-Overflow (IO2BO) vulnerabilities can be exploited by attackers to cause severe damage to computer systems. In this paper, we present the design and implementation of IntTracker, an efficient dynamic tracking technique for detecting IO2BO vulnerabilities in C/C++ programs. IntTracker utilizes a static taint analysis to…
Concolic testing is a popular method based on symbolic execution and constraint solving, designed for security testing of applications. Unfortunately, the current effectiveness of concolic testing tools is limited when testing large applications, due to the enormous number of control paths and a limited budget. In this paper, we introduce selective symbolic…
Integer overflow (IO) vulnerabilities can be exploited by attackers to compromise computer systems. In the meantime, IOs can be used intentionally by programmers for benign purposes such as hashing and random number generation. Hence, differentiating exploitable and harmful IOs from intentional and benign ones is an important challenge. It allows…
Fork-based symbolic execution wastes large amounts of computing time and resources on invulnerable paths when applied to vulnerability detection. In this paper, we propose a statically-guided fork-based symbolic execution technique for vulnerability detection to mitigate this problem. In static analysis, we collect all valid jumps along vulnerable…
Several protocols have been proposed to defend against wormhole attacks in sensor networks by adopting cryptographic methods, packet leashes, directional antennas, visualization, etc. In this paper, we propose a local, energy-efficient method to detect wormhole attacks. This method can be applied in sensor networks with metric-based routing protocols and…
As an improvement on traditional random fuzzing, directed fuzzing utilizes dynamic taint analysis to locate the regions of seed inputs that can influence security-sensitive program points, and focuses on mutating these identified regions to generate error-revealing test cases. The seed inputs are of great importance to directed fuzzing, because they…