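Basic Information

Yaowen Zheng (郑尧文), Researcher, State Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, Chinese Academy of Sciences
Email: zhengyaowen@iie.ac.cn
Mailing address: No. 19 Shucun Road, Haidian District, Beijing
Postal code: 100085
Research Areas
Main research directions are chip and system security, and vulnerability discovery and protection for embedded devices. More than 30 papers published in system security and software engineering venues such as USENIX Security, ASPLOS and ISSTA. Current work focuses on intelligent connected vehicle security and frontier techniques for chip-level active security defense.
Admissions Information
The research group recruits master's students, doctoral students and interns on a long-term basis to work on system-level vulnerability discovery and defense and on vulnerability governance.
Admission Major
083900 - Cyberspace Security
Admission Directions
Chip and system security; IoT device security; vulnerability discovery
Education
2013-09--2020-01 University of Chinese Academy of Sciences, Doctor of Engineering
2009-09--2013-06 Sichuan University, Bachelor of Engineering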
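Work Experience
Employment History
2024-11~present, Institute of Information Engineering, Chinese Academy of Sciences, Researcher
2024-03~2024-11, Institute of Information Engineering, Chinese Academy of Sciences, Associate Researcher
2020-12~2024-03, Nanyang Technological University, Singapore, Postdoctoral Researcher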
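Professional Service
2023-09-27 to present, Guest Editor of the journal Cybersecurity, Guest Editor
Patents and Awards
Publication Information
Published Papers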
(1) How Effective Are They? Exploring Large Language Model Based Fuzz Driver Generation, ISSTA, 2024, 2nd author, corresponding author
(2) An empirical study of attack-related events in DeFi projects development, Empirical Software Engineering, 2024, 4th author
(3) FITS: Inferring Intermediate Taint Sources for Effective Vulnerability Analysis of IoT Device Firmware, ASPLOS, 2024, 2nd author, corresponding author
(4) Medusa: Unveil Memory Exhaustion DoS Vulnerabilities in Protocol Implementations, WWW, 2024, 3rd author, corresponding author
(5) Battling against Protocol Fuzzing: Protecting Networked Embedded Devices from Dynamic Fuzzers, TOSEM, 2024, 2nd author, corresponding author
(6) An Efficient and Secure Communication Channel for Trusted Execution Environment on ARM-FPGA Embedded SoC, DATE, 2023, 4th author
(7) Automata-Guided Control-Flow-Sensitive Fuzz Driver Generation, USENIX Security, 2023, 5th author
(8) Automated GUI widgets classification, FRONTIERS OF COMPUTER SCIENCE, 2023, 4th author
(9) UCRF: Static analyzing firmware to generate under-constrained seed for fuzzing SOHO router, COMPUTERS & SECURITY, 2023, 4th author
(10) Detecting Vulnerabilities in Linux-based Embedded Firmware with SSE-based On-demand Alias Analysis, ISSTA'23, 2023, 2nd author, corresponding author
(11) IoT Security Threat and Security Model (物联网安全威胁与安全模型), Journal of Cyber Security (信息安全学报), 2023, 1st author
(12) A systematic mapping study for graphical user interface testing on mobile apps, IET SOFTWARE, 2023, 4th author
(13) An Empirical Study of the Impact of COVID-19 on OSS Development, QRS, 2022, 4th author
(14) More Secure Collaborative APIs resistant to Flush-Based Cache Attacks on Cortex-A9 Based Automotive System, CSCS, 2022, 3rd author
(15) Inferring Device Interactions for Attack Path Discovery in Smart Home IoT, WASA, 2022, 3rd author
(16) Fuzzing proprietary protocols of programmable controllers to find vulnerabilities that affect physical control, JOURNAL OF SYSTEMS ARCHITECTURE, 2022, 2nd author
(17) IPSpex: Enabling Efficient Fuzzing via Specification Extraction on ICS Protocol, ACNS 2022: Applied Cryptography and Network Security, 2022, 6th author
(18) Efficient Greybox Fuzzing of Applications in Linux-based IoT Devices via Enhanced User-mode Emulation, 31st ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2022), 2022, 1st author
(19) Automatic Inference of Taint Sources to Discover Vulnerabilities in SOHO Router Firmware, SEC, 2021, 5th author
(20) ICS3Fuzzer: A Framework for Discovering Protocol Implementation Bugs in ICS Supervisory Software by Fuzzing, ACSAC, 2021, 7th author
(21) Reviewing IoT Security via Logic Bugs in IoT Platforms and Systems, IEEE INTERNET OF THINGS JOURNAL, 2021, 9th author
(22) Function-Level Data Dependence Graph and Its Application in Static Vulnerability Analysis (函数级数据依赖图及其在静态脆弱性分析中的应用), Journal of Software (软件学报), 2020, 3rd author
(23) FIRM-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation, PROCEEDINGS OF THE 28TH USENIX SECURITY SYMPOSIUM, 2019, 1st author
(24) An Efficient Greybox Fuzzing Scheme for Linux-based IoT Programs Through Binary Static Analysis, 2019 IEEE 38TH INTERNATIONAL PERFORMANCE COMPUTING AND COMMUNICATIONS CONFERENCE (IPCCC), 2019, 1st author
(25) A Survey of IoT Device Vulnerability Mining Techniques (物联网设备漏洞挖掘技术研究综述), Journal of Cyber Security (信息安全学报), 2019, 1st author
(26) DTaint: Detecting the Taint-Style Vulnerability in Embedded Device Firmware, 2018 48TH ANNUAL IEEE/IFIP INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS (DSN), 2018, 5th author
(27) A Lightweight Method for Accelerating Discovery of Taint-Style Vulnerabilities in Embedded Systems, INFORMATION AND COMMUNICATIONS SECURITY, ICICS 2016, 2016, 1st author