Qingkai Zeng

This paper presents a novel framework that enables practical event-driven monitoring for untrusted virtual machine monitors (VMMs) in cloud computing. Unlike previous approaches for VMM monitoring, our framework neither relies on a higher privilege level nor requires any special hardware support. Instead, we place the trusted monitor at the same privilege…
Integer-Overflow-to-Buffer-Overflow (IO2BO) vulnerabilities can be exploited by attackers to cause severe damage to computer systems. In this paper, we present the design and implementation of IntTracker, an efficient dynamic tracking technique for detecting IO2BO vulnerabilities in C/C++ programs. IntTracker utilizes a static taint analysis to…
Concolic testing is a popular method based on symbolic execution and constraint solving, designed for security testing of applications. Unfortunately, the current effectiveness of concolic testing tools is limited when testing large applications due to the enormous number of control paths and limited budget. In this paper, we introduce selective symbolic…
Code reuse attacks have become one of the most popular exploitation techniques, and coarse-grained control flow integrity (CFI) is a practical approach used to prevent such attacks. Recently, some new approaches have been proposed to construct call-preceded-ROP attacks to bypass coarse-grained CFI; however, we find that they still fail to bypass shadow…
Fork-based symbolic execution would waste large amounts of computing time and resources on invulnerable paths when applied to vulnerability detection. In this paper, we propose a statically-guided fork-based symbolic execution technique for vulnerability detection to mitigate this problem. In static analysis, we collect all valid jumps along vulnerable…
Several protocols have been proposed to defend against wormhole attacks in sensor networks by adopting cryptographic methods, packet leashes, directional antennas, or visualization, etc. In this paper, we propose a local energy-efficient method to detect wormhole attacks. This method can be applied in sensor networks with metric-based routing protocols and…
With the world population increasing rapidly, the conflicts between the population and limited resources have become more and more severe. Population growth is a root cause of many environmental and social problems. Therefore, it is of vital importance to make population predictions. However, predictions based on the standard cohort-component method fail to…