Jie Lu 陆杰

About Me

I am an Associate Professor at The Institute of Computing Technology of the Chinese Academy of Sciences. My research interests include software security and program analysis.

Recruiting

I’m currently looking for master students and interns. If you’re interested in pursuing a Ph.D., please check out our research group at https://ict-pag.github.io/. If you are passionate about systems, software, and security, please feel free to contact me! For more details, visit https://ict-pag.github.io/joining/.

Research

I am broadly interested in computer security, and my research frequently intersects software security, cloud systems, distributed systems, and program analysis. My research goal is to leverage program analysis techniques to identify bugs and vulnerabilities in software, thereby improving software reliability and security. My work has resulted in the discovery of over 200 bugs and vulnerabilities in the open-source community, leading to more than 100 CVE identifiers.

Research Directions

  1. Open Source Software Security
    • Identifying common vulnerabilities in open-source software, such as OWASP Top Ten and OWASP API Top Ten, through static analysis techniques.
  2. Distributed Systems Reliability
    • Finding bugs in distributed systems via fault injection.
  3. Log Analysis
    • Analyzing software-generated (audit) logs for bugs (attack) tracing.
  4. Static Analysis
    • Optimizing classic static analysis techniques such as pointer analysis and IFDS.

Funding

We are grateful for the following funding agencies and programs for supporting our research:

  • Young Scientists Fund of the National Natural Science Foundation of China
  • CCF-Huawei Innovation Research Plan
  • CCF-Ant Research Fund
  • Special Research Assistant Fund
  • Innovation Project of the State Key Laboratory

Selected Publications

Detecting Broken Object-Level Authorization Vulnerabilities in Database-Backed Applications
Yongheng Huang, Chenghang Shi, Jie Lu, Haofeng Li, Haining Meng, Lian Li
CCS, 2024

Boosting the Performance of Alias-Aware IFDS Analysis with CFL-based Environment Transformers
Haofeng Li, Chenghang Shi, Jie Lu, Lian Li, Jingling Xue
OOPSLA, 2024

Better Not Together: Staged Solving for Context-Free Language Reachability
Chenghang Shi, Haofeng Li, Jie Lu, Lian Li
ISSTA, 2024

PEARL: A Multi-Derivation Approach to Efficient CFL-Reachability Solving
Chenghang Shi, Haofeng Li, Yulei Sui, Jie Lu, Lian Li, Jingling Xue
TSE, 2024

Generic Sensitivity: Generics-Guided Context Sensitivity for Pointer Analysis
Haofeng Li, Tian Tan, Yue Li, Jie Lu, Haining Meng, Liqing Cao, Yongheng Huang, Lian Li, Lin Gao, Peng Di, Liang Lin, ChenXi Cui
TSE, 2024

Boosting the Performance of Multi-Solver IFDS Algorithms with Flow-sensitivity Optimizations
Haofeng Li, Jie Lu, Haining Meng, Liqing Cao, Lian Li, Lin Gao
CGO, 2024

File Hijacking Vulnerability: The Elephant in the Room
Chendong Yu, Yang Xiao, Jie Lu, Yuekang Li, Yeting Li, L. Li, Y. Dong, J. Wang, J. Shi, D. Bo, W. Huo
NDSS, 2024

AutoWeb: Automatically Inferring Web Framework Semantics via Configuration Mutation
Haining Meng, Haofeng Li, Jie Lu, Chenghang Shi, Liqing Cao, Lian Li, lin Gao
ICECCS, 2024

Two Birds with One Stone: Multi-Derivation for Fast Context-Free Language Reachability Analysis
Chenghang Shi, Haofeng Li, Yulei Sui, Jie Lu, Lian Li, Jingling Xue
ASE, 2023

Detecting Missing-Permission-Check Vulnerabilities in Distributed Cloud Systems
Jie Lu, Haofeng Li, Chen Liu, Lian li, Kun Cheng
Best Paper Honorable Mention, ACM CCS, 2022

Generic Sensitivity: Customizing Context-Sensitive Pointer Analysis for Generics
Haofeng Li, Jie Lu, Haining Meng, Liqing Cao, Yongheng Huang, Lian Li, Lin Gao
ESEC/FSE, 2022

Exposing Vulnerable Paths: Enhance Static Analysis with Lightweight Symbolic Execution
Guangwei Li, Ting Yuan, Jie Lu, Lian Li, Xiaobin Zhang, Xu Song, Kejun Zhang
APSEC, 2021

Detecting TensorFlow Program Bugs in Real-World Industrial Environment
Chen Liu, Jie Lu, Guangwei Li, Ting Yuan, Lian Li, Feng Tan, Jun Yang, Liang You, Jingling Xue
ASE, 2021

Scaling Up the IFDS Algorithm with Efficient Disk-assisted Computing
Haofeng Li, Haining Meng, Hengjie Zheng, Liqing Cao, Jie Lu, Lian Li, Lin Gao
CGO, 2021

GoBench: a Benchmark Suite of Real-World Go Concurrency Bugs
Ting Yuan, Guangwei Li, Jie Lu, Chen Liu, Lian Li, Jingling Xue
CGO, 2021

CloudRaid: Detecting Distributed Concurrency Bugs via Log Mining and Enhancement
Jie Lu, Feng Li, Chen Liu, Lian Li, Xiaobing Feng, Jingling Xue
TSE, 2020

CrashTuner: detecting crash-recovery bugs in cloud systems via meta-info analysis
Jie Lu, Chen Liu, Lian Li, Xiaobing Feng, Feng Tan, Jun Yang, Liang You
SOSP, 2019

Understanding Node Change Bugs for Distributed Systems
Jie Lu, Liu Chen, Lian Li and Xiaobing Feng
SANER, 2019

CloudRaid: hunting concurrency bugs in the cloud via log-mining
Jie Lu, Feng Li, Lian Li and Xiaobing Feng
ESEC/FSE, 2018

View all publications