程亮 男  软件研究所
电子邮件:chengliang@iscas.ac.cn
通信地址:北京市中关村南四街4号,5号楼809
邮政编码:100190

研究领域

软件与系统安全


招生信息

   
招生专业
083900-网络空间安全
招生方向
可信操作系统与系统保障,程序安全性分析,信息物理系统安全

教育背景

2003-09--2009-06 中国科学技术大学 工学博士
1999-09--2003-06 中国科学技术大学 工学学士

工作经历

   
工作简历
2014-01~2016-01,宾夕法尼亚大学, 访问学者
2013-12~现在, 中国科学院软件研究所, 副研究员
2009-07~2013-12,中国科学院软件研究所, 助理研究员

专利与奖励

   
专利成果
[1] 程亮, 张阳, 冯登国. 一种测试用例集生成方法. 中国: CN102193858A, 2011-09-21.

[2] 张阳, 程亮, 冯登国. 一种计算机系统安全模型验证方法. 中国: CN102194061A, 2011-09-21.

出版信息

   
发表论文
[1] 张阳, 范俊杰, 孙晓山, 张颖君, 程亮. 基于系统调用序列学习的内核模糊测试. 计算机系统应用[J]. 2023, https://.
[2] 张颖君, 周赓, 程亮, 孙晓山, 张阳. 基于双重覆盖信息协同的协议模糊测试. 计算机系统应用[J]. 2023, https://.
[3] 张阳, 佟思明, 程亮, 孙晓山. 模糊测试改进技术评估. 计算机系统应用[J]. 2022, 31(10): 1-14, 
[4] 程亮, 王化磊, 张阳, 孙晓山. 基于聚类和新覆盖信息的模糊测试改进. 计算机系统应用[J]. 2022, 31(9): 192-200, http://lib.cqvip.com/Qikan/Article/Detail?id=7108011598.
[5] 王文硕, 程亮, 张阳, 李振. 基于函数重要度的模糊测试方法. 计算机系统应用[J]. 2021, 30(11): 145-154, 
[6] 王敏, 冯登国, 程亮, 张阳. 基于机器学习的模糊测试种子输入优化. 计算机系统应用[J]. 2021, 30(6): 1-8, 
[7] Li Zhangtan, Cheng Liang, Zhang Yang, Feng Dengguo. Understanding and Mitigating Security Risks of Network on Medical Cyber Physical System. 2021 The 16th International Conference on Wireless Algorithms, Systems, and Applications. 2021, 
[8] Fu Yu, Tong Siming, Guo Xiangyu, Cheng Liang, Zhang Yang, Feng Dengguo. Improving the Effectiveness of Grey-box Fuzzing By Extracting Program Information. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). 2020, 
[9] 刘天鹏, 程亮, 张阳, 佟思明. 基于文件格式信息的改进模糊测试方法. 计算机系统应用[J]. 2019, 28(5): 10-17, http://lib.cqvip.com/Qikan/Article/Detail?id=7001939688.
[10] 傅玉, 石东辉, 张阳, 程亮. 基于覆盖频率的模糊测试改进方法. 计算机系统应用[J]. 2019, 17-24, http://lib.cqvip.com/Qikan/Article/Detail?id=88848989504849574849484851.
[11] 李张谭, 程亮, 张阳. 基于深度学习的模糊测试种子生成技术. 计算机系统应用[J]. 2019, 28(4): 9-17, http://lib.cqvip.com/Qikan/Article/Detail?id=88848989504849574852484851.
[12] Cheng, Liang, Zhang, Yang, Zhang, Yi, Wu, Chen, Li, Zhangtan, Fu, Yu, Li, Haisheng. Optimizing seed inputs in fuzzing with machine learning. 2019 IEEE/ACM 41ST INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: COMPANION PROCEEDINGS (ICSE-COMPANION 2019). 2019, 244-245, 
[13] Li, Zhangtan, Cheng, Liang, Zhang, Yang. Tracking Sensitive Information and Operations in Integrated Clinical Environment. 2019 18TH IEEE INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS/13TH IEEE INTERNATIONAL CONFERENCE ON BIG DATA SCIENCE AND ENGINEERING (TRUSTCOM/BIGDATASE 2019). 2019, 192-199, 
[14] Li, Zhangtan, Cheng Liang, Yang Zhang. Mitigating network-layer security attacks on authentication-enhanced OpenICE. ACM SIGBED Review[J]. 2018, 16(2): 14-23, 
[15] 曹佳欣, 程亮, 张阳. 基于能力依赖图的SEAndroid安全策略分析. 计算机系统应用[J]. 2018, 27(10): 112-120, http://ir.iscas.ac.cn/handle/311060/19078.
[16] 傅玉, 邓艺, 孙晓山, 程亮, 张阳, 冯登国. 面向二进制程序的空指针解引用错误的检测方法. 计算机学报[J]. 2018, 41(3): 574-587, http://lib.cqvip.com/Qikan/Article/Detail?id=674756940.
[17] Cheng Liang, Li, Zhangtan, Zhang Yi, Yang Zhang, Insup Lee. Protecting interoperable clinical environment with authentication. ACM SIGBED REVIEW[J]. 2017, 14(2): 34-43, 
[18] 万云鹏, 邓艺, 石东辉, 程亮, 张阳. 基于符号执行的自动利用生成系统. 计算机系统应用[J]. 2017, 26(10): 44-52, http://lib.cqvip.com/Qikan/Article/Detail?id=673513549.
[19] Yang Zhang, Xiaoshan Sun, Yi Deng, Liang Cheng, Shuke Zeng, Yu Fu, Dengguo Feng. Improving Accuracy of Static Integer Overflow Detection in Binary. The 18th International Symposium on Research in Attacks, Intrusions,and Defenses. 2015, 
[20] Han Zhihui, Cheng Liang, Zhang Yang, Feng Dengguo. Operating System Security Policy Hardening via Capability Dependency Graphs. INFORMATION SECURITY PRACTICE AND EXPERIENCE, ISPEC 2015. 2015, 9065: 3-17, 
[21] 曾述可, 张阳, 程亮, 邓艺, 冯登国. 一种静态分析工具的优化方法. 小型微型计算机系统[J]. 2015, 36(4): 648-653, 
[22] Han Zhihui, Cheng Liang, Zhang Yang, Zeng Shuke, Deng Yi, Sun Xiaoshan. Systematic Analysis and Detection of Misconfiguration Vulnerabilities in Android Smartphones. 2014 IEEE 13TH INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM). 2014, 432-439, 
[23] Cheng, Liang, Zhang, Yang, Han, Zhihui, Deng, Yi, Sun, Xiaoshan, Feng, Dengguo. Evaluating and comparing the quality of access control in different operating systems. COMPUTERS & SECURITY[J]. 2014, 47: 26-40, http://dx.doi.org/10.1016/j.cose.2014.05.001.
[24] 曾述可, 张阳, 程亮, 邓艺, 冯登国. 一种针对 Android系统隐私保护机制有效性的评估方法. 中国科学技术大学学报[J]. 2014, 44(10): 853-861, 
[25] Chen Dong, Zhang Yang, Cheng Liang, Deng Yi, Sun Xiaoshan. Heuristic path pruning algorithm based on error handling pattern recognition in detecting vulnerability. 2013 IEEE 37TH ANNUAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE WORKSHOPS (COMPSACW). 2013, 95-100, http://dx.doi.org/10.1109/COMPSACW.2013.14.
[26] Zhihui Han, Liang Cheng, Yang Zhang, Dengguo Feng. Measuring and Comparing the Protection Quality in Different Operating Systems. Network and System Security (NSS). 2013, 
[27] Sun Xiaoshan, Zhang Yang, Cheng Liang. A Linear-Time Complexity Algorithm for Solving the Dyck-CFL Reachability Problem on Bi-directed Trees. FIFTH INTERNATIONAL CONFERENCE ON MACHINE VISION (ICMV 2012): COMPUTER VISION, IMAGE ANALYSIS AND PROCESSING. 2013, 8783: 
[28] Sun Xiaoshan, Zhang Yang, Cheng Liang. A linear-time complexity algorithm for solving the dyck-cfl reachability problem on bi-directed trees. 5th International Conference on Machine Vision: Computer Vision, Image Analysis and Processing, ICMV 2012. 2013, http://ir.iscas.ac.cn/handle/311060/16654.
[29] Xiaoshan Sun, Liang Cheng, Yang Zhang, Yi Deng, Jingbiao Hou. Refining the pointer analysis by exploiting constraints on the CFL-paths. THE20THASIAPACIFICSOFTWAREENGINEERINGCONFERENCEAPSEC2013. 2013, 
[30] Cheng Liang, Zhang Yang, Han Zhihui. Quantitatively Measure Access Control Mechanisms Across Different Operating Systems. 2013 IEEE 7TH INTERNATIONAL CONFERENCE ON SOFTWARE SECURITY AND RELIABILITY (SERE). 2013, 50-59, 
[31] Chen Dong, Zhang Yang, Cheng Liang, Deng Yi, Sun Xiaoshan. Heuristic path pruning algorithm based on error handling pattern recognition in detecting vulnerability. 2013 IEEE 37th Annual Computer Software and Applications Conference Workshops, COMPSACW 2013. 2013, 95-100, http://ir.iscas.ac.cn/handle/311060/16542.
[32] 程亮, 张阳, Han Zhihui. Quantitatively Measure Access Control Mechanisms Across Different Operating Systems. 7th IEEE International Conference on Software Security and Reliability (SERE). 2013, 50-59, http://ir.iscas.ac.cn/handle/311060/16550.
[33] Sun, Xiaoshan, Cheng, Liang, Zhang, Yang. A Covert Timing Channel via Algorithmic Complexity Attacks: Design and Analysis. 2011 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS (ICC). 2011, 
[34] Cheng Liang, Zhang Yang. Model checking security policy model using both uml static and dynamic diagrams. ACM INTERNATIONAL CONFERENCE PROCEEDING SERIES. 2011, 159-166, http://ir.iscas.ac.cn/handle/311060/16239.

科研活动

   
科研项目
( 1 ) 逻辑驱动的跨操作系统安全机制评价方法研究, 负责人, 国家任务, 2012-01--2014-12
( 2 ) 操作系统访问控制错误修复方法研究, 参与, 国家任务, 2015-01--2018-12
( 3 ) 基于源代码的深度安全测试和漏洞挖掘研究, 负责人, 国家任务, 2016-05--2017-05
( 4 ) 软件与系统漏洞分析与可利用判定技术研究, 参与, 国家任务, 2017-07--2021-06
( 5 ) 基于智能模糊测试的深度漏洞挖掘技术研究, 负责人, 国家任务, 2018-01--2018-12
( 6 ) xx安全研究, 参与, 国家任务, 2019-10--2022-10
( 7 ) 保密****采购项目, 负责人, 国家任务, 2021-11--2022-11
参与会议
(1)Improving accuracy of static integer overflow detection in binary   Yang Zhang, Xiaoshan Sun, Yi Deng, Liang Cheng, Shuke Zeng, Yu Fu, Dengguo Feng   2015-11-02

指导学生

已指导学生

曹佳欣  硕士研究生  085211-计算机技术  

王化磊  硕士研究生  083500-软件工程  

现指导学生

涂莉宗  硕士研究生  085400-电子信息