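Basic Information
Yaowen Zheng, Institute of Information Engineering, Chinese Academy of Sciences
State Key Laboratory of Cyberspace Security Defense
Professor, Doctoral Supervisor
Email: zhengyaowen@iie.ac.cn
Address: No. 19 Shucun Road, Haidian District, Beijing
Postal code: 100085
Research Areas
His main research directions are system security and vulnerability discovery and protection for embedded devices. He has led national-level projects, including a General Program project of the National Natural Science Foundation of China, and has published more than 30 papers in system security and software engineering venues such as USENIX Security, ASPLOS, and ISSTA. His current work focuses on frontier security technologies, including LLM-empowered security, system security of autonomous systems (UAVs, intelligent vehicles), embodied intelligence security, and active defense.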
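- Static vulnerability analysis: taint analysis [ASPLOS'24, ISSTA'23, SEC'21, DSN'18], vulnerability exploitation [TIFS'25]
- Dynamic vulnerability analysis: firmware emulation [NDSS'26, ISSTA'22, USENIX Sec'19], root cause analysis [TOSEM'25], fuzzing [WWW'24, USENIX Sec'23, JSA'22, ACSAC'21], anti-fuzzing [TOSEM'24]
- LLM-empowered vulnerability analysis: static analysis [ASE'25, TOSEM'25], dynamic analysis [ISSTA'24]
- Autonomous system security: UAV security [NDSS'26], robot security [VMCAI'25], automotive security [CSCWD'25]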
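Admissions
The research group recruits master's and doctoral students and interns on an ongoing basis for research on system-level vulnerability discovery and defense, security of autonomous unmanned systems, and LLM-empowered security.
Admission Major
083900 - Cyberspace Security
Admission Directions
Chip and system security; IoT device security; vulnerability discovery
Work Experience
Employment History
2024-11 to present, Institute of Information Engineering, Chinese Academy of Sciences, Professor
2024-03 to 2024-11, Institute of Information Engineering, Chinese Academy of Sciences, Associate Professor
2020-12 to 2024-03, Nanyang Technological University, Singapore, Postdoctoral Research Fellow
Publications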
- [NDSS-26] Yuncheng Wang, Yaowen Zheng#, Puzhuo Liu, Dongliang Fang, Jiaxing Cheng, Dingyi Shi, Limin Sun. ADGFUZZ: Assignment Dependency-Guided Fuzzing for Robotic Vehicles. Network and Distributed System Security Symposium, 2026 (CCF-A, co-first author).
- [NDSS-26] Chuan Qin, Cen Zhang, Yaowen Zheng, Puzhuo Liu, Jian Zhang, Yeting Li, Weidong Zhang, Yang Liu, Limin Sun. User-Space Dependency-Aware Rehosting for Linux-Based Firmware Binaries. Network and Distributed System Security Symposium, 2026 (CCF-A).
- [ASE-25] Siyuan Li, Yaowen Zheng, Hong Li, Jingdong Guo, Chaopeng Dong, Chunpeng Yan, Weijie Wang, Yimo Ren, Limin Sun, Hongsong Zhu. Lares: LLM-driven Code Slice Semantic Search for Patch Presence Testing. 40th IEEE/ACM Automated Software Engineering Conference (CCF-A).
- [TIFS-25] Zuxin Chen, Yaowen Zheng, Hong Li, Siyuan Li, Weijie Wang, Dongliang Fang, Zhiqiang Shi, Limin Sun, PREXP: Uncovering and Exploiting Security-Sensitive Objects in the Linux Kernel. IEEE Transactions on Information Forensics and Security, 2025 (CCF-A).
- [TOSEM-25] Jingquan Ge, Yaowen Zheng, Yuekang Li, Wei Ma, Sheikh Mahbub Habib, Praveen Kakkolangara, Gabriel Wayne Byman, Yang Liu. OptRCA: A More Efficient and Accurate Approach for Automated Root Cause Analysis and Explanation. ACM Transactions on Software Engineering and Methodology, 2025 (CCF-A).
- [TOSEM-25] Puzhuo Liu, Chengnian Sun, Yaowen Zheng, Xuan Feng, Chuan Qin, Yuncheng Wang, Zhenyang Xu, Zhi Li, Peng Di, Yu Jiang, Limin Sun. LLM-Powered Static Binary Taint Analysis. ACM Transactions on Software Engineering and Methodology, 2025 (CCF-A).
- [TOSEM-25] Zhihao Lin, Wei Ma, Tao Lin, Yaowen Zheng, Jingquan Ge, Jun Wang, Jacques Klein, Tegawende Bissyande, Yang Liu, Li Li, Open-Source AI-based SE Tools: Opportunities and Challenges of Collaborative Software Learning. ACM Transactions on Software Engineering and Methodology, 2025 (CCF-A).
- [VMCAI-25] Yuncheng Wang, Puzhuo Liu, Yaowen Zheng, Dongliang Fang, Zhiwen Pan, Shuaizong Si, Weidong Zhang and Limin Sun, Automated Flaw Detection for Industrial Robot RESTful Service. International Conference on Verification, Model Checking and Abstract Interpretation, 2025 (CCF-B).
- [WASA-25] Zhanwei Song, Dongliang Fang, Shunchao Xu, Yaowen Zheng, Hong Li, Shichao Lv, Zhiqiang Shi, Limin Sun. ICSPFuzzer: An Efficient Fuzzing Technique for ICS Protocols, Wireless Artificial Intelligent Computing Systems and Applications, 2025.
- [CSCWD-25] Shenghao Lin, Fansong Chen, Laile Xi, Kaiyu Xie, Yaowen Zheng, Haiqiang Fei, Yuyan Sun, Hongsong Zhu. ScenarioFuzz-LLM: Enhancing Diversity in Autonomous Driving Scenario Fuzzing with LLMs. International Conference on Computer Supported Cooperative Work in Design, 2025.
- [PETS-25] Yi Liu, Gelei Deng, Junchen Ding, Yuekang Li, Tianwei Zhang, Weisong Sun, Yaowen Zheng, Jingquan Ge, Mission: Impossible - Image Based Geolocation with Large Vision Language Models, Privacy Enhancing Technologies Symposium, 2025.
- [ISSTA-24] Cen Zhang, Yaowen Zheng*, Mingqiang Bai, Yeting Li, Wei Ma, Xiaofei Xie, Yuekang Li, Limin Sun, Yang Liu. How Effective Are They? Exploring Large Language Model Based Fuzz Driver Generation. The ACM SIGSOFT International Symposium on Software Testing and Analysis, 2024 (CCF-A, corresponding author).
- [ASPLOS-24] Puzhuo Liu, Yaowen Zheng*, Chengnian Sun, Chuan Qin, Dongliang Fang, Mingdong Liu, Limin Sun. FITS: Inferring Intermediate Taint Sources for Effective Vulnerability Analysis of IoT Device Firmware. 29th International Conference on Architectural Support for Programming Languages and Operating Systems, 2024 (CCF-A, corresponding author).
- [TOSEM-24] Puzhuo Liu, Yaowen Zheng*, Chengnian Sun, Hong Li, Zhi Li, Limin Sun. Battling against Protocol Fuzzing: Protecting Networked Embedded Devices from Dynamic Fuzzers. ACM Transactions on Software Engineering and Methodology, 2024 (CCF-A, corresponding author).
- [WWW-24] Zhengjie Du, Yuekang Li#, Yaowen Zheng*, Xiaohan Zhang, Cen Zhang, Yi Liu, Sheikh Mahbub Habib, Xinghua Li, Linzhang Wang, Yang Liu, Bing Mao. Medusa: Unveil Memory Exhaustion DoS Vulnerabilities in Protocol Implementations. Proceedings of the ACM Web Conference, 2024 (CCF-A, corresponding author).
- [ACM Comput Surv-24] Xiaohan Zhang, Cen Zhang, Xinghua Li, Zhengjie Du, Bing Mao, Yuekang Li, Yaowen Zheng, Yeting Li, Li Pan, Yang Liu, Robert H. Deng, A Survey of Protocol Fuzzing. ACM Computing Surveys, 2024, 57(2): 1-36 (IF>20).
- [SEA4DQ-24] Yi Liu, Gelei Deng, Zhengzi Xu, Yuekang Li, Yaowen Zheng, Ying Zhang, Lida Zhao, Tianwei Zhang, Kailong Wang, A Hitchhiker’s Guide to Jailbreaking ChatGPT via Prompt Engineering. Proceedings of the 4th International Workshop on Software Engineering and AI for Data Quality in Cyber-Physical Systems/Internet of Things.
- [ESE-24] Dongming Xiang, Yuanchang Lin, Liming Nie, Yaowen Zheng, Zhengzi Xu, Zuohua Ding, Yang Liu. An empirical study of attack-related events in DeFi projects development. Empirical Software Engineering, 2024 (CCF-B).
- [ISSTA-23] Kai Cheng, Yaowen Zheng*, Tao Liu, Le Guan, Peng Liu, Hong Li, Hongsong Zhu, Kejiang Ye, Limin Sun. Detecting Vulnerabilities in Linux-based Embedded Firmware with SSE-based On-demand Alias Analysis. In Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, 2023 (CCF-A, corresponding author).
- [USENIX SEC-23] Cen Zhang, Yuekang Li, Hao Zhou, Xiaohan Zhang, Yaowen Zheng, Xian Zhan, Xiaofei Xie, Xiapu Luo, Xinghua Li, Yang Liu and Sheikh Mahbub Habib. Automata-Guided Control-Flow-Sensitive Fuzz Driver Generation. In Proceedings of the 32nd USENIX Security Symposium, 2023 (CCF-A).
- [DATE-23] Jingquan Ge, Yuekang Li, Yang Liu, Yaowen Zheng, Yi Liu and Lida Zhao, PumpChannel: An Efficient and Secure Communication Channel for Trusted Execution Environment on ARM-FPGA Embedded SoC. Design, Automation and Test in Europe Conference, 2023 (CCF-B).
- [Computers & Security-23] Chuan Qin, Jiaqian Peng, Puzhuo Liu, Yaowen Zheng, Kai Cheng, Weidong Zhang, and Limin Sun. UCRF: Static Analyzing Firmware to Generate Under-constrained Seed for Fuzzing SOHO Router. Computers & Security, 2023 (CCF-B).
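- [Journal of Cyber Security-23] Yaowen Zheng, Hui Wen, Kai Cheng, Hong Li, Hongsong Zhu, Limin Sun. IoT Security Threats and Security Models. Journal of Cyber Security, 2023-09-06, 8(5): 81-95.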
- [ISSTA-22] Yaowen Zheng, Yuekang Li, Cen Zhang, Hongsong Zhu, Yang Liu, Limin Sun. Efficient Greybox Fuzzing of Applications in Linux-based IoT Devices via Enhanced User-mode Emulation. In Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), 2022 (CCF-A).
- [JSA-22] Puzhuo Liu, Yaowen Zheng, Zhanwei Song, Dongliang Fang, Shichao Lv and Limin Sun. Fuzzing proprietary protocols of programmable controllers to find vulnerabilities that affect physical control. In Journal of Systems Architecture, 2022 (CCF-B).
- [CSCS-22] Jingquan Ge, Yuekang Li, Yaowen Zheng, Yang Liu, Sheikh Mahbub Habib. More Secure Collaborative APIs resistant to Flush-Based Cache Attacks on Cortex-A9 Based Automotive System. In Proceedings of the 6th ACM Computer Science in Cars Symposium, 2022.
- [WASA-22] Mengjie Sun, Ke Li, Yaowen Zheng, Weidong Zhang, Hong Li, Limin Sun. Inferring Device Interactions for Attack Path Discovery in Smart Home IoT. International Conference on Wireless Algorithms, Systems, and Applications, 2022.
- [ACNS-22] Yue Sun, Shichao Lv, Jianzhou You, Yuyan Sun, Xin Chen, Yaowen Zheng, Limin Sun. IPSpex: Enabling Efficient Fuzzing via Specification Extraction on ICS Protocol. In International Conference on Applied Cryptography and Network Security (ACNS), 2022.
- [IOT-22] Wei Zhou, Chen Cao, Dongdong Huo, Kai Cheng, Lan Zhang, Le Guan, Tao Liu, Yan Jia, Yaowen Zheng, Yuqing Zhang, Limin Sun, Yazhe Wang, Peng Liu. Reviewing IoT Security via Logic Bugs in IoT Platforms and Systems. In IEEE Internet of Things Journal, 2021.
- [ACSAC-21] Dongliang Fang, Zhanwei Song, Le Guan, Puzhuo Liu, Anni Peng, Kai Cheng, Yaowen Zheng, Peng Liu, Hongsong Zhu and Limin Sun. ICS3Fuzzer: A Framework for Discovering Protocol Implementation Bugs in ICS Supervisory Software by Fuzzing. In Annual Computer Security Applications Conference, 2021 (CCF-B).
- [SEC-21] Kai Cheng, Dongliang Fang, Chuan Qin, Huizhao Wang, Yaowen Zheng, Nan Yu, Limin Sun, Automatic Inference of Taint Sources to Discover Vulnerabilities in SOHO Router Firmware. In ICT Systems Security and Privacy Protection, 2021.
- [ACNS-20] Qian Chen, Kai Cheng, Yaowen Zheng, Hongsong Zhu, Limin Sun. Function-level Data Dependence Graph and its Application in Static Vulnerability Analysis. In Journal of Software, 2020.
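- [Journal of Software-20] Qian Chen, Kai Cheng, Yaowen Zheng, Hongsong Zhu, Limin Sun. Function-level Data Dependence Graph and its Application in Static Vulnerability Analysis. Journal of Software, 2020.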
- [USENIX SEC-19] Yaowen Zheng, Ali Davanian, Heng Yin, Chengyu Song, Hongsong Zhu, Limin Sun. FIRM-AFL: High-throughput greybox fuzzing of IoT firmware via augmented process emulation. In USENIX Security Symposium, 2019 (CCF-A).
- [IPCCC-19] Yaowen Zheng, Zhanwei Song, Yuyan Sun, Kai Cheng, Hongsong Zhu, and Limin Sun. An Efficient Greybox Fuzzing Scheme for Linux-based IoT Programs Through Binary Static Analysis. In Proceedings of 38th International Performance Computing and Communications Conference, 2019.
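- [Journal of Cyber Security-19] Yaowen Zheng, Hui Wen, Kai Cheng, Zhanwei Song, Hongsong Zhu, Limin Sun. A Survey of Vulnerability Discovery Techniques for IoT Devices. Journal of Cyber Security, 2019, Issue 5.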
- [DSN-18] Kai Cheng, Qiang Li, Lei Wang, Qian Chen, Yaowen Zheng, Limin Sun, Zhenkai Liang. Detecting the Taint-Style Vulnerability in Embedded Device Firmware. In IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2018 (CCF-B).
- [ICICS-16] Yaowen Zheng, Kai Cheng, Zhi Li, Shiran Pan, Hongsong Zhu, and Limin Sun. A Lightweight Method for Accelerating Discovery of Taint-Style Vulnerabilities in Embedded Systems. In Proceedings of the 18th International Conference on Information and Communications Security, 2016.