Long Lu

Finding Bugs Using Your Own Code: Detecting Functionally-similar yet Inconsistent Code

Sun, 01 Aug 2021 00:00:00 +0000

PTAuth: Temporal Memory Safety via Robust Points-to Authentication

Sun, 01 Aug 2021 00:00:00 +0000

DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis

Sat, 01 May 2021 00:00:00 +0000

Google will sponsor our research on hardware-based memory safety via an ASPIRE Award.

Fri, 30 Oct 2020 17:05:21 -0400

Google ASPIRE Award

Fri, 30 Oct 2020 00:00:00 +0000

MEUZZ: Smart Seed Scheduling for Hybrid Fuzzing

Thu, 01 Oct 2020 00:00:00 +0000

Rethinking Fuzzing for Security

Thu, 01 Oct 2020 00:00:00 +0000

NSF will fund our research on optimizing fuzzing for vulnerability coverage.

Sun, 20 Sep 2020 12:34:34 -0400

Two papers, [FICS](/publication/fics/) (finding bugs using your own code) and [PTAuth](/publication/ptauth/) (points-to authentication for temporal safety), are accepted by [USENIX Security'21](https://www.usenix.org/conference/usenixsecurity21).

Wed, 05 Aug 2020 12:11:47 -0400

P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling

Sat, 01 Aug 2020 00:00:00 +0000

Our [DICE](/publication/dice/) paper, on DMA-enabled embedded firmware analysis, is accepted by S&P/Oakland'21.

Sun, 21 Jun 2020 21:49:20 -0400

I'm awarded (early) tenure at Northeastern. I couldn't have done it without my students, collaborators, and family. Thank you all!

Fri, 05 Jun 2020 00:26:40 -0400

Our [MEUZZ](/publication/meuzz) paper is accepted by RAID 2020.

Tue, 26 May 2020 18:05:04 -0400

OAT: Attesting Operation Integrity of Embedded Devices

Fri, 01 May 2020 00:00:00 +0000

SAVIOR: Towards Bug-Driven Hybrid Testing

Fri, 01 May 2020 00:00:00 +0000

Detecting (Absent) App-to-app Authentication on Cross-device Short-distance Channels

Sun, 01 Dec 2019 00:00:00 +0000

Our [OAT](/publication/oat) paper, on operation integrity attestation, is accepted by S&P/Oakland'20.

Mon, 30 Sep 2019 17:05:21 -0400

An Analysis of Malware Trends in Enterprise Networks

Sun, 01 Sep 2019 00:00:00 +0000

Google will sponsor our research on mobile security via an ASPIRE Award.

Fri, 30 Aug 2019 17:05:21 -0400

Our P²IM paper, on scalable and hardware-independent firmware testing, is accepted by USENIX Security 2020.

Tue, 20 Aug 2019 17:05:21 -0400

Our [paper](/publication/cristalli-19) on detecting insecure cross-device authentication is accepted by ACSAC'19.

Thu, 01 Aug 2019 17:05:21 -0400

Google ASPIRE Award

Thu, 01 Aug 2019 00:00:00 +0000

StreamBox-TZ: Secure Stream Analytics at the Edge with TrustZone

Mon, 01 Jul 2019 00:00:00 +0000

PTrix: Efficient Hardware-Assisted Fuzzing for COTS Binary

Sat, 01 Jun 2019 00:00:00 +0000

Our [SAVIOR](/publication/savior) paper is accepted by S&P/Oakland'20.

Tue, 30 Apr 2019 18:05:21 -0400

Our [PTrix](/publication/ptrix) paper is accepted by AsiaCCS'19

Tue, 30 Apr 2019 17:05:21 -0400

Our [StreamBox-TZ](/publication/streambox-tz) paper is accepted by USENIX ATC'19.

Sat, 20 Apr 2019 17:05:21 -0400

Our [TEEv paper](/publication/li-2019/) won the Best Paper Award at ACM VEE'19!

Wed, 10 Apr 2019 17:05:21 -0400

TEEv: Virtualizing Trusted Execution Environments on Mobile Platforms

Mon, 01 Apr 2019 00:00:00 +0000

Internet-of-Things (IoT) and Cyber-Physical Systems (CPS) Security

Mon, 01 Oct 2018 00:00:00 +0000

An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications

Wed, 01 Aug 2018 00:00:00 +0000

Automated Protocol Specialization and Diversification for Individualized Defense

Wed, 01 Aug 2018 00:00:00 +0000

Teaching

Thu, 28 Jun 2018 00:00:00 +0100

This page is being revamped with all links temporarily removed. Please check back in the fall.

CY 5130/3740 Systems Security (Fall 2020)
CS 7775 Special Topics on Advanced Systems Security (Spring 2020)
CY 5130/3740 Systems Security (Fall 2019)
CS 3700 Networks and Distributed Systems (Fall 2018)
CS 3740 Systems Security (Spring 2018)
CS 7775 Special Topics on Advanced Systems Security (Fall 2017)
CSE 331 Computer Security Fundamentals (Fall 2016, Stony Brook)
ISE 331 Computer Security (Spring 2016, Stony Brook)
CSE 408 Network Security (Spring 2015, Stony Brook)
CSE 509 Computer System Security (Fall 2014, Stony Brook)
CSE 508 Network Security (Spring 2014, Stony Brook)
CSE 608 Advanced Computer Security (Fall 2013, Stony Brook)

VButton: Practical Attestation of User-driven Operations in Mobile Apps

Fri, 01 Jun 2018 00:00:00 +0000

Compiler-assisted Code Randomization and Hardening

Tue, 01 May 2018 00:00:00 +0000

Enabling Secure Integration of Web and Mobile: A Principled Multi-Level Approach

Thu, 01 Feb 2018 00:00:00 +0000

InstaGuard: Instantly Deployable Hot-patches for Vulnerable System Programs on Android

Mon, 01 Jan 2018 00:00:00 +0000

Multi-layer Software Transformation for Attack Surface Reduction and Shielding

Fri, 01 Sep 2017 00:00:00 +0000

Norax: Enabling Execute-Only Memory for COTS Binaries on AArch64

Mon, 01 May 2017 00:00:00 +0000

Secure Integration of Web Content and Applications on Commodity Mobile Operating Systems

Sat, 01 Apr 2017 00:00:00 +0000

CAREER: Rethinking Mobile Security in the New Age of App-as-a-Platform

Wed, 01 Mar 2017 00:00:00 +0000

ReARM: Protecting ARM Binaries via Load-time Reduction and Run-time Read-Protection

Wed, 01 Mar 2017 00:00:00 +0000

Where is the Weakest Link? A Study on Security Discrepancies between Android Apps and Their Website Counterparts

Wed, 01 Mar 2017 00:00:00 +0000

CASE: Comprehensive Application Security Enforcement on COTS Mobile Devices

Wed, 01 Jun 2016 00:00:00 +0000

Shreds: Fine-grained Execution Units with Private Memory

Sun, 01 May 2016 00:00:00 +0000

Remix: On-demand Live Randomization

Tue, 01 Mar 2016 00:00:00 +0000

WebCapsule: Towards a Lightweight Forensic Engine for Web Browsers

Sun, 01 Nov 2015 00:00:00 +0000

Cross-application and Cross-platform Tracking of Web Users: Techniques and Countermeasures

Tue, 01 Sep 2015 00:00:00 +0000

MALDIVES: Developing a Comprehensive Understanding of Malware Delivery Mechanisms

Tue, 01 Sep 2015 00:00:00 +0000

Software Diversification for Attack Prevention and Forecasting

Wed, 01 Jul 2015 00:00:00 +0000

Checking More and Alerting Less: Detecting Privacy Leakages via Enhanced Data-flow Analysis and Peer Voting

Thu, 01 Jan 2015 00:00:00 +0000

Preventing Use-after-free with Dangling Pointers Nullification

Thu, 01 Jan 2015 00:00:00 +0000

Enabling Secure and Trustworthy Compartments in Mobile Applications

Fri, 01 Aug 2014 00:00:00 +0000

From Zygote to Morula: Fortifying Weakened ASLR on Android

Wed, 01 Jan 2014 00:00:00 +0000

A Static Approach to Vetting Vulnerable Android Apps

Tue, 01 Oct 2013 00:00:00 +0000

Jekyll on iOS: When Benign Apps Become Evil

Tue, 01 Jan 2013 00:00:00 +0000

CHEX: statically vetting Android apps for component hijacking vulnerabilities

Sun, 01 Jan 2012 00:00:00 +0000

Robust Scareware Image Detection

Sun, 01 Jan 2012 00:00:00 +0000

SURF: detecting and measuring search poisoning

Sat, 01 Jan 2011 00:00:00 +0000

BLADE: an attack-agnostic approach for preventing drive-by malware infections

Fri, 01 Jan 2010 00:00:00 +0000

Mapping kernel objects to enable systematic integrity checking

Thu, 01 Jan 2009 00:00:00 +0000

students

Mon, 01 Jan 0001 00:00:00 +0000

Long Lu

Finding Bugs Using Your Own Code: Detecting Functionally-similar yet Inconsistent Code

PTAuth: Temporal Memory Safety via Robust Points-to Authentication

DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis

Google will sponsor our research on hardware-based memory safety via an ASPIRE Award.

Google ASPIRE Award

MEUZZ: Smart Seed Scheduling for Hybrid Fuzzing

Rethinking Fuzzing for Security

NSF will fund our research on optimizing fuzzing for vulnerability coverage.

Two papers, [FICS](/publication/fics/) (finding bugs using your own code) and [PTAuth](/publication/ptauth/) (points-to authentication for temporal safety), are accepted by [USENIX Security'21](https://www.usenix.org/conference/usenixsecurity21).

P2IM: Scalable and Hardware-independent Firmware Testing via Automatic Peripheral Interface Modeling

Our [DICE](/publication/dice/) paper, on DMA-enabled embedded firmware analysis, is accepted by S&P/Oakland'21.

I'm awarded (early) tenure at Northeastern. I couldn't have done it without my students, collaborators, and family. Thank you all!

Our [MEUZZ](/publication/meuzz) paper is accepted by RAID 2020.

OAT: Attesting Operation Integrity of Embedded Devices

SAVIOR: Towards Bug-Driven Hybrid Testing

Detecting (Absent) App-to-app Authentication on Cross-device Short-distance Channels

Our [OAT](/publication/oat) paper, on operation integrity attestation, is accepted by S&P/Oakland'20.

An Analysis of Malware Trends in Enterprise Networks

Google will sponsor our research on mobile security via an ASPIRE Award.

Our P2IM paper, on scalable and hardware-independent firmware testing, is accepted by USENIX Security 2020.

Our [paper](/publication/cristalli-19) on detecting insecure cross-device authentication is accepted by ACSAC'19.

Google ASPIRE Award

StreamBox-TZ: Secure Stream Analytics at the Edge with TrustZone

PTrix: Efficient Hardware-Assisted Fuzzing for COTS Binary

Our [SAVIOR](/publication/savior) paper is accepted by S&P/Oakland'20.

Our [PTrix](/publication/ptrix) paper is accepted by AsiaCCS'19

Our [StreamBox-TZ](/publication/streambox-tz) paper is accepted by USENIX ATC'19.

Our [TEEv paper](/publication/li-2019/) won the **Best Paper Award** at ACM VEE'19!

TEEv: Virtualizing Trusted Execution Environments on Mobile Platforms

Internet-of-Things (IoT) and Cyber-Physical Systems (CPS) Security

An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications

Automated Protocol Specialization and Diversification for Individualized Defense

Teaching

VButton: Practical Attestation of User-driven Operations in Mobile Apps

Compiler-assisted Code Randomization and Hardening

Enabling Secure Integration of Web and Mobile: A Principled Multi-Level Approach

InstaGuard: Instantly Deployable Hot-patches for Vulnerable System Programs on Android

Multi-layer Software Transformation for Attack Surface Reduction and Shielding

Norax: Enabling Execute-Only Memory for COTS Binaries on AArch64

Secure Integration of Web Content and Applications on Commodity Mobile Operating Systems

CAREER: Rethinking Mobile Security in the New Age of App-as-a-Platform

ReARM: Protecting ARM Binaries via Load-time Reduction and Run-time Read-Protection

Where is the Weakest Link? A Study on Security Discrepancies between Android Apps and Their Website Counterparts

CASE: Comprehensive Application Security Enforcement on COTS Mobile Devices

Shreds: Fine-grained Execution Units with Private Memory

Remix: On-demand Live Randomization

WebCapsule: Towards a Lightweight Forensic Engine for Web Browsers

Cross-application and Cross-platform Tracking of Web Users: Techniques and Countermeasures

MALDIVES: Developing a Comprehensive Understanding of Malware Delivery Mechanisms

Software Diversification for Attack Prevention and Forecasting

Checking More and Alerting Less: Detecting Privacy Leakages via Enhanced Data-flow Analysis and Peer Voting

Preventing Use-after-free with Dangling Pointers Nullification

Enabling Secure and Trustworthy Compartments in Mobile Applications

From Zygote to Morula: Fortifying Weakened ASLR on Android

A Static Approach to Vetting Vulnerable Android Apps

Jekyll on iOS: When Benign Apps Become Evil

CHEX: statically vetting Android apps for component hijacking vulnerabilities

Robust Scareware Image Detection

SURF: detecting and measuring search poisoning

BLADE: an attack-agnostic approach for preventing drive-by malware infections

Mapping kernel objects to enable systematic integrity checking

students

Our P²IM paper, on scalable and hardware-independent firmware testing, is accepted by USENIX Security 2020.

Our [TEEv paper](/publication/li-2019/) won the Best Paper Award at ACM VEE'19!