发表论文
[1] 赵佳旭, 李悦康, 邹燕燕, 梁朝晖, 肖扬, 李页霆, 彭炳炜, 钟楠宇, 王欣熠, 王伟, 霍玮. Leveraging Semantic Relations in Code and Data to Enhance Taint Analysis of Embedded Systems. USENIX SEC (CCF-A). 2024, 第 11 作者 通讯作者 null(null): [2] 俞晨东, 肖扬, 陆杰, 李悦康, 李页霆, 李炼, 董一凡, 王翦, 石景宜, 薄德芳, 霍玮. File Hijacking Vulnerability: The Elephant in the Room. NDSS (CCF-A). 2024, 第 11 作者null(null): [3] 周建华, 李丰, 湛蓝蓝, 杜跃进, 霍玮. 一种基于无害处理识别的嵌入式设备漏洞检测方法. 信息安全研究[J]. 2023, 第 5 作者9(10): 954-960, http://lib.cqvip.com/Qikan/Article/Detail?id=7110577256.[4] Jiawei Yin, Menghao Li, Yuekang Li, Yong Yu, Boru Lin, Yanyan Zou, Yang Liu, Wei Huo, Jingling Xue. RSFuzzer: Discovering Deep SMI Handler Vulnerabilities in UEFI Firmware with Hybrid Fuzzing. 2023 IEEE Symposium on Security and Privacy(SP). 2023, 第 8 作者null(null): https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10179421.[5] Li, Minghui, Xue, Jingfeng, Wang, Yong, Ma, Rui, Huo, Wei. NACDA: Naming-Based Access Control and Decentralized Authorization for Secure Many-to-Many Data Sharing. ELECTRONICS[J]. 2023, 第 5 作者12(7): http://dx.doi.org/10.3390/electronics12071651.[6] 卢昊良, 邹燕燕, 彭跃, 谭凌霄, 张禹, 刘龙权, 霍玮. 基于物联网设备局部仿真的反馈式模糊测试技术. 信息安全学报[J]. 2023, 第 7 作者8(1): 78-92, http://lib.cqvip.com/Qikan/Article/Detail?id=7108994176.[7] 王琛, 邹燕燕, 刘龙权, 彭跃, 张禹, 卢昊良, 王鹏举, 郭涛, 霍玮. 一种针对网络设备的已知漏洞定位方法. 信息安全学报[J]. 2023, 第 9 作者8(6): 48-63, http://jcs.iie.ac.cn/xxaqxb/ch/reader/view_abstract.aspx?file_no=20230605&flag=1.[8] 陈婧婷, 李丰, 陈晴方, 李平, 许丽丽, 霍玮. EBugDec: Detecting Inconsistency Bugs caused by RFC Evolution in Protocol Implementations. International Symposium on Research in Attacks, Intrusions and Defenses (RAID). 2023, 第 6 作者[9] 石景宜, 肖扬, Yuekang Li, 李页霆, 于冬松, 俞晨东, 苏慧, 陈煜峰, 霍玮. ACETest: Automated Constraint Extraction for Testing Deep Learning Operators. ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) (CCF-A). 2023, 第 9 作者[10] Yu Zhang, Nanyu Zhong, Wei You, Yanyan Zou, Kunpeng Jian, Jiahuan Xu, Jian Sun, Baoxu Liu, Wei Huo. NDFuzz:a non-intrusive coverage-guided fuzzing framework for virtualized network devices. Cybersecurity[J]. 2023, 第 9 作者6(1): 54-74, http://lib.cqvip.com/Qikan/Article/Detail?id=7109341329.[11] 王欣熠, 张岑, 李页霆, 许智武, 黄帅霖, 刘艺, 姚祎璨, 肖扬, 邹燕燕, 刘杨, 霍玮. Effective ReDoS Detection by Principled Vulnerability Modeling and Exploit Generation. The 44th IEEE Symposium on Security and Privacy (S&P 2023, CCF-A). 2023, 第 11 作者[12] 尹嘉伟, 李孟豪, 霍玮. 处理器微体系结构安全研究综述. 信息安全学报[J]. 2022, 第 3 作者7(4): 17-31, http://jcs.iie.ac.cn/xxaqxb/ch/reader/view_abstract.aspx?file_no=20220402&flag=1.[13] 张禹, 钟楠宇, 游伟, 邹燕燕, 简鲲鹏, 许家欢, 孙俭, 刘宝旭, 霍玮. NDFuzz: a non-intrusive coverage-guided fuzzing framework for virtualized network devices. Cybersecurity[J]. 2022, 第 9 作者21 (2022)(5): [14] Ji Shi, Wei Zou, Chao Zhang, Lingxiao Tan, Yanyan Zou, Yue Peng, Wei Huo. CAMFuzz: Explainable Fuzzing with Local Interpretation. CYBERSECURITY[J]. 2022, 第 7 作者5(1): 1-20, http://dx.doi.org/10.1186/s42400-022-00116-x.[15] 刘丽艳, 李丰, 邹燕燕, 周建华, 朴爱花, 刘峰, 霍玮. SiCsFuzzer:基于稀疏插桩的闭源软件模糊测试方法. 信息安全学报[J]. 2022, 第 7 作者7(4): 55-70, http://lib.cqvip.com/Qikan/Article/Detail?id=7107787220.[16] chen jingting, 李丰, 徐明杰, 周建华, 霍玮. RIBDetector: an RFC-guided Inconsistency Bug Detecting Approach for Protocol Implementations.. SANER. 2022, 第 5 作者[17] 孙晴, 许丽丽, 肖扬, 李丰, 苏赫, 刘益铭, Hongyun Huang, 霍玮. VERJava: Vulnerable Version Identification for Java OSS with a Two-Stage Analysis. 2022 IEEE International Conference on Software Maintenance and Evolution (ICSME). 2022, 第 8 作者[18] Jiawe Yin, Menghao Li, Wei Wu, Dandan Sun, Jianhua Zhou, Wei Huo, Jingling Xue. Finding SMM Privilege-Escalation Vulnerabilities in UEFI Firmware with Protocol-Centric Static Analysis. 2022 IEEE Symposium on Security and Privacy (S&P). 2022, 第 6 作者 通讯作者 null(null): https://www.computer.org/csdl/proceedings-article/sp/2022/131600b570/1CIO8ohxLC8.[19] 苏赫, 许丽丽, 晁会娜, 李丰, 袁子牧, 周建华, 霍玮. A Sanitizer-centric Analysis to Detect Cross-Site Scripting in PHP Programs. 2022 IEEE International Symposium on Software Reliability Engineering (ISSRE). 2022, 第 7 作者[20] Zhang, Yu, Huo, Wei, Jian, Kunpeng, Shi, Ji, Liu, Longquan, Zou, Yanyan, Zhang, Chao, Liu, Baoxu. ESRFuzzer: an enhanced fuzzing framework for physical SOHO router devices to discover multi-Type vulnerabilities. CYBERSECURITY[J]. 2021, 第 2 作者4(1): 364-385, http://dx.doi.org/10.1186/s42400-021-00091-9.[21] Yang Xiao, Zhengzi Xu, Weiwei Zhang, Chendong Yu, Longquan Liu, Wei Zou, Zimu Yuan. VIVA: Binary Level Vulnerability Identification via Partial Signature. SANER. 2021, [22] 李丰, 朴爱花, 霍玮, 刘宝旭, 邹维. 固件安全检测技术概述. 保密科学技术[J]. 2021, 第 3 作者3-9, http://lib.cqvip.com/Qikan/Article/Detail?id=7106532998.[23] Ban Gu, Xu Lili, Xiao Yang, Li Xinhua, Yuan Zimu, Huo Wei. B2SMatcher: fine-Grained version identification of open-Source software in binary files. CYBERSECURITY[J]. 2021, 第 6 作者4(4): 1-21, http://sciencechina.cn/gw.jsp?action=detail.jsp&internal_id=7080928&detailType=1.[24] Yu Zhang, Wei Huo, Kunpeng Jian, Ji Shi, Longquan Liu, Yanyan Zou, Chao Zhang, Baoxu Liu. ESRFuzzer:an enhanced fuzzing framework for physical SOHO router devices to discover multi-Type vulnerabilities. 网络空间安全科学与技术(英文)[J]. 2021, 第 2 作者4(1): 364-385, http://lib.cqvip.com/Qikan/Article/Detail?id=7106358293.[25] Li, Menghao, Wang, Pei, Wang, Wei, Wang, Shuai, Wu, Dinghao, Liu, Jian, Xue, Rui, Huo, Wei, Zou, Wei. Large-Scale Third-Party Library Detection in Android Markets. IEEE TRANSACTIONS ON SOFTWARE ENGINEERING[J]. 2020, 第 8 作者46(9): 981-1003, [26] 邹燕燕, 邹维, 尹嘉伟, 霍玮, 杨梅芳, 孙丹丹, 史记. 变异策略感知的并行模糊测试研究. 信息安全学报[J]. 2020, 第 4 作者5(5): 1-16, [27] Lili Xu, Mingjie Xu, Feng Li, Wei Huo. ELAID:detecting integer-Overflow-to-Buffer-Overflow vulnerabilities by light-weight and accurate static analysis. CYBERSECURITY[J]. 2020, 第 4 作者3(1): 1-19, http://lib.cqvip.com/Qikan/Article/Detail?id=7103849820.[28] Xiao, Yang, Chen, Bihuan, Yu, Chendong, Xu, Zhengzi, Yuan, Zimu, Li, Feng, Liu, Binghong, Liu, Yang, Huo, Wei, Zou, Wei, Shi, Wenchang. MVP: Detecting Vulnerabilities using Patch-Enhanced Vulnerability Signatures. PROCEEDINGS OF THE 29TH USENIX SECURITY SYMPOSIUM. 2020, 第 9 作者 通讯作者 1165-1182, [29] Liu, Bingchang, Meng, Guozhu, Zou, Wei, Gong, Qi, Li, Feng, Lin, Min, Sun, Dandan, Huo, Wei, Zhang, Chao. A Large-Scale Empirical Study on Vulnerability Distribution within Projects and the Lessons Learned. 2020 ACM/IEEE 42ND INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE, CCF-A). 2020, 第 8 作者1547-1559, [30] He, Xiaoyu, Erick Bauman, Li Feng, Yu Lei, Linyu Li, Liu, Bingchang, Piao, Aihua, Kevin W. Hamlen, Huo Wei, Zou Wei. Exploiting the Trust Between Boundaries: Discovering Memory Corruptions in Printers via Driver-Assisted Testing. LCTES 2020 (CCF-B类). 2020, 第 9 作者https://dl.acm.org/doi/10.1145/3372799.3394363.[31] Feng, Muyue, Yuan, Zimu, Li, Feng, Ban, Gu, Xiao, Yang, Wang, Shiyang, Tang, Qian, Su, He, Yu, Chendong, Xu, Jiahuan, Piao, Aihua, Xue, Jingling, Huo, Wei, IEEE. B2SFinder: Detecting Open-Source Software Reuse in COTS Software. 34TH IEEE/ACM INTERNATIONAL CONFERENCE ON AUTOMATED SOFTWARE ENGINEERING (ASE 2019). 2019, 第 13 作者1038-1049, http://dx.doi.org/10.1109/ASE.2019.00100.[32] Peng, Jiaqi, Li, Feng, Liu, Bingchang, Xu, Lili, Liu, Binghong, Chen, Kai, Huo, Wei. 1dVul: Discovering 1-day Vulnerabilities through Binary Patches. 2019 49TH ANNUAL IEEE/IFIP INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS (DSN 2019)[J]. 2019, 第 7 作者null(null): 605-616, [33] Zhang, Yu, Huo, Wei, Jian, Kunpeng, Shi, Ji, Lu, Haoliang, Liu, Longquan, Wang, Chen, Sun, Dandan, Zhang, Chao, Liu, Baoxu, ACM. SRFuzzer: An Automatic Fuzzing Framework for Physical SOHO Router Devices to Discover Multi-Type Vulnerabilities. 35TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE (ACSA). 2019, 第 2 作者 通讯作者 544-556, http://dx.doi.org/10.1145/3359789.3359826.[34] Feng Muyue, Mao Weixuan, Yuan Zimu, Xiao Yang, Ban Gu, Wang Wei, Wang Shiyang, Tang Qian, Xu Jiahuan, Su He, Liu Binghong, Huo Wei, Wang X, Lo D, Shihab E. Open-Source License Violations of Binary Software at Large Scale. 2019 IEEE 26TH INTERNATIONAL CONFERENCE ON SOFTWARE ANALYSIS, EVOLUTION AND REENGINEERING (SANER). 2019, 第 12 作者564-568, http://apps.webofknowledge.com/CitedFullRecord.do?product=UA&colName=WOS&SID=5CCFccWmJJRAuMzNPjj&search_mode=CitedFullRecord&isickref=WOS:000469754100056.[35] 袁子牧, 肖扬, 吴炜, 霍玮, 邹维. 知识、探索与状态平面组织的软件漏洞分析架构研究. 信息安全学报[J]. 2019, 第 4 作者4(6): 10-33, http://jcs.iie.ac.cn/xxaqxb/ch/reader/view_abstract.aspx?file_no=20190602&flag=1.[36] Hao, Gaojian, Li, Feng, Huo, Wei, Sun, Qing, Wang, Wei, Li, Xinhua, Zou, Wei, IEEE. Constructing Benchmarks for Supporting Explainable Evaluations of Static Application Security Testing Tools. 2019 13TH INTERNATIONAL SYMPOSIUM ON THEORETICAL ASPECTS OF SOFTWARE ENGINEERING (TASE 2019)[J]. 2019, 第 3 作者65-72, [37] 刘宁逸, 龚晓锐, 霍玮, 宋振宇. 网络场景背景流量管理系统的设计与实现. 2nd International Conference on Advances in Energy, Environment and Chemical Science (AEECS 2018). 2018, 第 3 作者[38] Zhong, Lujie, Yew, PenChung, Huo, Wei, Li, Feng, Feng, Xiaobing, Zhang, Zhaoqing. RARE: An Efficient Static Fault Detection Framework for Definition-Use Faults in Large Programs. IEEE ACCESS[J]. 2018, 第 3 作者6: 10432-10444, https://doaj.org/article/0fba3cde9e9043a59f2cad4e26371032.[39] 孙骁永, 王伟, 霍玮, 周建华. 动态事件序列制导的Android应用漏洞验证技术. 计算机工程与应用[J]. 2018, 第 3 作者54(6): 86-94, http://lib.cqvip.com/Qikan/Article/Detail?id=674777479.[40] Mingjie Xu, Qingjia Huang, Shengnan Li, Lili Xu, Feng Li, Wei Huo. A Light-weight and Accurate Method of Static Integer-Overflow-to-Buffer-Overflow Vulnerability Detection. The 14th International Conference on Information Security and Cryptology (Inscypt)[J]. 2018, 第 6 作者[41] Liu, Bingchang, Huo, Wei, Zhang, Chao, Li, Wenchao, Li, Feng, Piao, Aihua, Zou, Wei, Huchard, M, Kastner, C, Fraser, G. alpha Diff: Cross-Version Binary Code Similarity Detection with DNN. PROCEEDINGS OF THE 2018 33RD IEEE/ACM INTERNATIONAL CONFERENCE ON AUTOMTED SOFTWARE ENGINEERING (ASE' 18). 2018, 第 2 作者 通讯作者 667-678, [42] 杨梅芳, 霍玮, 邹燕燕, 尹嘉伟, 刘宝旭, 龚晓锐, 贾晓启, 邹维. 可编程模糊测试技术. 软件学报[J]. 2018, 第 2 作者29(5): 1258-1274, http://lib.cqvip.com/Qikan/Article/Detail?id=675240626.[43] 邹维, 霍玮, 刘奇旭. 确保软件供应链安全是一项系统工程. 中国信息安全[J]. 2018, 第 2 作者58-60, http://lib.cqvip.com/Qikan/Article/Detail?id=7000922352.[44] 霍玮, 戴戈, 史记, 龚晓锐, 贾晓启, 宋振宇, 刘宝旭, 邹维. 基于模式生成的浏览器模糊测试技术. 软件学报[J]. 2018, 第 1 作者29(5): 1275-1287, http://lib.cqvip.com/Qikan/Article/Detail?id=675240627.[45] Li, Menghao, Wang, Wei, Wang, Pei, Wang, Shuai, Wu, Dinghao, Liu, Jian, Xue, Rui, Huo, Wei, IEEE. LibD: Scalable and Precise Third-party Library Detection in Android Markets. 2017 IEEE/ACM 39TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE). 2017, 第 8 作者null(null): 335-346, [46] Li, Feng, Li, Zhiyuan, Huo, Wei, Feng, Xiaobing. Locating Software Faults Based on Minimum Debugging Frontier Set. IEEE TRANSACTIONS ON SOFTWARE ENGINEERING[J]. 2017, 第 3 作者43(8): 760-776, http://dx.doi.org/10.1109/TSE.2016.2632122.[47] 廉美, 邹燕燕, 霍玮, 邹维. 动态资源感知的并行化模糊测试框架. 计算机应用研究[J]. 2017, 第 3 作者34(1): 52-57, http://lib.cqvip.com/Qikan/Article/Detail?id=670927970.[48] 吴炜, 霍玮, 邹维. 面向动态生成代码的攻防技术综述. 信息安全学报[J]. 2016, 第 2 作者1(4): 52-64, http://jcs.iie.ac.cn/xxaqxb/ch/reader/view_abstract.aspx?file_no=20160405&flag=1.[49] 梅瑞, 孟正, 霍玮. 典型文档类CVE漏洞检测工具的研究与实现. 信息网络安全[J]. 2014, 第 3 作者18-22, http://lib.cqvip.com/Qikan/Article/Detail?id=50110748.[50] 吕方, 崔慧敏, 霍玮, 冯晓兵. 面向并发性能下降的调度策略的综述. 计算机研究与发展[J]. 2014, 第 3 作者51(1): 17-30, http://lib.cqvip.com/Qikan/Article/Detail?id=48242828.[51] 衷璐洁, 霍玮, 李龙, 李丰, 冯晓兵, 张兆庆. 一种场景敏感的高效错误检测方法. 软件学报[J]. 2014, 第 2 作者25(3): 472-488, http://lib.cqvip.com/Qikan/Article/Detail?id=48805248.[52] Li Feng, Huo Wei, Chen Congming, Zhong Lujie, Feng Xiaobing, Li Zhiyuan, IEEE. Effective Fault Localization Based on Minimum Debugging Frontier Set. PROCEEDINGS OF THE 2013 IEEE/ACM INTERNATIONAL SYMPOSIUM ON CODE GENERATION AND OPTIMIZATION (CGO). 2013, 第 2 作者109-118, [53] 衷璐洁, 霍玮, 李丰, 陈聪明, 冯晓兵, 张兆庆. 基于传播引擎的指针引用错误检测. 计算机学报[J]. 2013, 第 2 作者36(2): 432-444, http://lib.cqvip.com/Qikan/Article/Detail?id=45002102.[54] 李丰, 霍玮, 陈聪明, 李龙, 衷璐洁, 冯晓兵. 一种基于最小调试边界的断点自动生成技术. 软件学报[J]. 2013, 第 2 作者24(7): 1455-1468, http://lib.cqvip.com/Qikan/Article/Detail?id=46248050.[55] 霍玮, 李丰, 丁兆伟, 桑春雷, 张兆庆, 冯晓兵. 一种提高时序安全属性静态检测实用性的方法. 计算机学报[J]. 2012, 第 1 作者35(2): 244-256, http://lib.cqvip.com/Qikan/Article/Detail?id=41120337.[56] Congming Chen, Huo Wei, Xiaobing Feng. Making It Practical and Effective: Fast and Precise May-Happen-in-Parallel Analysis. International conference on parallel architectures and compilation techniques(poster). 2012, 第 2 作者https://dl.acm.org/doi/10.1145/2370816.2370900.[57] Chen Congming, Huo Wei, Li Lung, Feng Xiaobing, Xing Kai, Shen H, Sang Y, Li Y, Qian D, Zomaya AY. Can We Make It Faster? Efficient May-Happen-in-Parallel Analysis Revisited. 2012 13TH INTERNATIONAL CONFERENCE ON PARALLEL AND DISTRIBUTED COMPUTING, APPLICATIONS, AND TECHNOLOGIES (PDCAT 2012). 2012, 第 2 作者59-64, http://dx.doi.org/10.1109/PDCAT.2012.59.[58] 李丰, 霍玮, 冯晓兵. 面向无线传感器网络应用的自适应调试方法. 计算机学报[J]. 2011, 第 2 作者34(7): 1195-1213, http://lib.cqvip.com/Qikan/Article/Detail?id=38725746.[59] 霍玮, 于洪涛, 冯晓兵, 张兆庆. 静态检测中断驱动程序的数据竞争. 计算机研究与发展[J]. 2011, 第 1 作者48(12): 2290-2299, http://lib.cqvip.com/Qikan/Article/Detail?id=40227822.[60] 陈聪明, 霍玮, 于洪涛, 冯晓兵. 基于包含的指针分析优化技术综述. 计算机学报[J]. 2011, 第 2 作者34(7): 1224-1238, http://lib.cqvip.com/Qikan/Article/Detail?id=38725748.[61] 谷晓铭, 霍玮, 桂剑, 贾耀仓. 一种检测运行栈与静态数据区重叠的新方法. 计算机工程与应用[J]. 2006, 第 2 作者42(20): 86-88,112, http://lib.cqvip.com/Qikan/Article/Detail?id=22383364.