Jie Lu 陆杰
About Me
I am an Associate Professor at The Institute of Computing Technology of the Chinese Academy of Sciences. My research interests include software security and program analysis.
Recruiting
I’m currently looking for master students and interns. If you’re interested in pursuing a Ph.D., please check out our research group at https://ict-pag.github.io/. If you are passionate about systems, software, and security, please feel free to contact me! For more details, visit https://ict-pag.github.io/joining/.
Research
I am broadly interested in computer security, and my research frequently intersects software security, cloud systems, distributed systems, and program analysis. My research goal is to leverage program analysis techniques to identify bugs and vulnerabilities in software, thereby improving software reliability and security. My work has resulted in the discovery of over 200 bugs and vulnerabilities in the open-source community, leading to more than 100 CVE identifiers.
Research Directions
- Open Source Software Security
- Identifying common vulnerabilities in open-source software, such as OWASP Top Ten and OWASP API Top Ten, through static analysis techniques.
- Distributed Systems Reliability
- Finding bugs in distributed systems via fault injection.
- Log Analysis
- Analyzing software-generated (audit) logs for bugs (attack) tracing.
- Static Analysis
- Optimizing classic static analysis techniques such as pointer analysis and IFDS.
Funding
We are grateful for the following funding agencies and programs for supporting our research:
- Young Scientists Fund of the National Natural Science Foundation of China
- CCF-Huawei Innovation Research Plan
- CCF-Ant Research Fund
- Special Research Assistant Fund
- Innovation Project of the State Key Laboratory
Selected Publications
Detecting Broken Object-Level Authorization Vulnerabilities in Database-Backed Applications
Yongheng Huang, Chenghang Shi, Jie Lu, Haofeng Li, Haining Meng, Lian Li
CCS, 2024
Boosting the Performance of Alias-Aware IFDS Analysis with CFL-based Environment Transformers
Haofeng Li, Chenghang Shi, Jie Lu, Lian Li, Jingling Xue
OOPSLA, 2024
Better Not Together: Staged Solving for Context-Free Language Reachability
Chenghang Shi, Haofeng Li, Jie Lu, Lian Li
ISSTA, 2024
PEARL: A Multi-Derivation Approach to Efficient CFL-Reachability Solving
Chenghang Shi, Haofeng Li, Yulei Sui, Jie Lu, Lian Li, Jingling Xue
TSE, 2024
Generic Sensitivity: Generics-Guided Context Sensitivity for Pointer Analysis
Haofeng Li, Tian Tan, Yue Li, Jie Lu, Haining Meng, Liqing Cao, Yongheng Huang, Lian Li, Lin Gao, Peng Di, Liang Lin, ChenXi Cui
TSE, 2024
Boosting the Performance of Multi-Solver IFDS Algorithms with Flow-sensitivity Optimizations
Haofeng Li, Jie Lu, Haining Meng, Liqing Cao, Lian Li, Lin Gao
CGO, 2024
File Hijacking Vulnerability: The Elephant in the Room
Chendong Yu, Yang Xiao, Jie Lu, Yuekang Li, Yeting Li, L. Li, Y. Dong, J. Wang, J. Shi, D. Bo, W. Huo
NDSS, 2024
AutoWeb: Automatically Inferring Web Framework Semantics via Configuration Mutation
Haining Meng, Haofeng Li, Jie Lu, Chenghang Shi, Liqing Cao, Lian Li, lin Gao
ICECCS, 2024
Two Birds with One Stone: Multi-Derivation for Fast Context-Free Language Reachability Analysis
Chenghang Shi, Haofeng Li, Yulei Sui, Jie Lu, Lian Li, Jingling Xue
ASE, 2023
Detecting Missing-Permission-Check Vulnerabilities in Distributed Cloud Systems
Jie Lu, Haofeng Li, Chen Liu, Lian li, Kun Cheng
Best Paper Honorable Mention, ACM CCS, 2022
Generic Sensitivity: Customizing Context-Sensitive Pointer Analysis for Generics
Haofeng Li, Jie Lu, Haining Meng, Liqing Cao, Yongheng Huang, Lian Li, Lin Gao
ESEC/FSE, 2022
Exposing Vulnerable Paths: Enhance Static Analysis with Lightweight Symbolic Execution
Guangwei Li, Ting Yuan, Jie Lu, Lian Li, Xiaobin Zhang, Xu Song, Kejun Zhang
APSEC, 2021
Detecting TensorFlow Program Bugs in Real-World Industrial Environment
Chen Liu, Jie Lu, Guangwei Li, Ting Yuan, Lian Li, Feng Tan, Jun Yang, Liang You, Jingling Xue
ASE, 2021
Scaling Up the IFDS Algorithm with Efficient Disk-assisted Computing
Haofeng Li, Haining Meng, Hengjie Zheng, Liqing Cao, Jie Lu, Lian Li, Lin Gao
CGO, 2021
GoBench: a Benchmark Suite of Real-World Go Concurrency Bugs
Ting Yuan, Guangwei Li, Jie Lu, Chen Liu, Lian Li, Jingling Xue
CGO, 2021
CloudRaid: Detecting Distributed Concurrency Bugs via Log Mining and Enhancement
Jie Lu, Feng Li, Chen Liu, Lian Li, Xiaobing Feng, Jingling Xue
TSE, 2020
CrashTuner: detecting crash-recovery bugs in cloud systems via meta-info analysis
Jie Lu, Chen Liu, Lian Li, Xiaobing Feng, Feng Tan, Jun Yang, Liang You
SOSP, 2019
Understanding Node Change Bugs for Distributed Systems
Jie Lu, Liu Chen, Lian Li and Xiaobing Feng
SANER, 2019
CloudRaid: hunting concurrency bugs in the cloud via log-mining
Jie Lu, Feng Li, Lian Li and Xiaobing Feng
ESEC/FSE, 2018