Chengyu Song

PhD Student
College of Computing
Georgia Institute of Technology

Member
Systems Software & Security Lab
Georgia Tech Information Security Center (GTISC)
The Honeynet Project
disekt (for DARPA CGC)

Office:
Room 3108, Klaus Advance Computing Building
266 Ferst Drive
Atlanta, GA 30332-0765

csong84(__at__)gatech.edu

CVGoogle ScholarGitHubdblp

About Me

I am a 6th year PhD student at Georgia Tech supervised by professor Wenke Lee and Taesoo Kim.

Before coming to Georgia Tech, I finished my Master degree in Engineering Research Center of Information Security (ERCIS), Institute of Computer Science and Technology (ICST) at Peking University. I did my Bachelor's in Computer Science as a member of Yuanpei Program (now known as Yuanpei College) at Peking University.

Research Interets

System Security, Program Analysis, Operating Systems, Program Verification, and Privacy Protection

Publications

  1. HDFI: Hardware-Assisted Data-flow Isolation (to appear) [Paper]
    Chengyu Song, Hyungon Moon, Monjur Alam, Insu Yun, Byoungyoung Lee, Taesoo Kim, Wenke Lee, and Yunheung Paek
    In Proceedings of the 37th IEEE Symposium on Security and Privacy (Oakland'16),
    San Jose, CA, May 2016.
  2. Enforcing Kernel Security Invariants with Data Flow Integrity [Paper]
    Chengyu Song, Byoungyoung Lee, Kangjie Lu, William R. Harris, Taesoo Kim, and Wenke Lee
    In Proceedings of the 2016 Network and Distributed System Security Symposium (NDSS'16),
    San Diego, CA, Feburary 2016.
  3. VTrust: Regaining Trust on Virtual Calls [Paper]
    Chao Zhang, Scott A. Carr, Tongxin Li, Yu Ding, Chengyu Song, Mathias Payer, and Dawn Song
    In Proceedings of the 2016 Network and Distributed System Security Symposium (NDSS'16),
    San Diego, CA, Feburary 2016.
  4. ASLR-Guard: Stopping Address Space Leakage for Code Reuse Attacks [Paper | Source]
    Kangjie Lu, Chengyu Song, Byoungyoung Lee, Simon P. Chung, Taesoo Kim, and Wenke Lee
    In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS'15),
    Denver, CO, October 2015.
  5. Cross-checking Semantic Correctness: The Case of Finding File System Bugs [Paper | Source]
    Changwoo Min, Sanidhya Kashyap, Byoungyoung Lee, Chengyu Song, and Taesoo Kim
    In Proceedings of the 25th ACM Symposium on Operating Systems Principles (SOSP'15),
    Monterey, CA, October 2015.
  6. Type Casting Verification: Stopping an Emerging Attack Vector [Paper | Source]
    Byoungyoung Lee, Chengyu Song, Taesoo Kim, and Wenke Lee
    In Proceedings of the 24th USENIX Security Symposium (Security'15),
    Washington, D.C., August 2015. ( 2015 Internet Defense Prize )
  7. JITScope: Protecting Web Users from Control-Flow Hijacking Attacks [Paper]
    Chao Zhang, Mehrdad Niknami, Kevin Zhijie Chen, Chengyu Song, Zhaofeng Chen, and Dawn Song
    In Proceedings of the 34th Annual IEEE International Conference on Computer Communications (InfoCom'15),
    Hong Kong, China, April 2015.
  8. Exploiting and Protecting Dynamic Code Generation [Paper | Source]
    Chengyu Song, Chao Zhang, Tielei Wang, Wenke Lee, and David Melski
    In Proceedings of the 2015 Network and Distributed System Security Symposium (NDSS'15),
    San Diego, CA, Feburary 2015.
  9. VTint: Protecting Virtual Function Tables' Integrity [Paper]
    Chao Zhang, Chengyu Song, Kevin Zhijie Chen, Zhaofeng Chen, and Dawn Song
    In Proceedings of the 2015 Network and Distributed System Security Symposium (NDSS'15),
    San Diego, CA, Feburary 2015.
  10. Preventing Use-after-free with Dangling Pointers Nullification [Paper]
    Byoungyoung Lee, Chengyu Song, Yeongjin Jang, Tielei Wang, Taesoo Kim, Long Lu, and Wenke Lee
    In Proceedings of the 2015 Network and Distributed System Security Symposium (NDSS'15),
    San Diego, CA, Feburary 2015. ( CSAW Best Applied Research Papers (3rd place) )
  11. A11y Attacks: Exploiting Accessibility in Operating Systems [Paper]
    Yeongjin Jang, Chengyu Song, Simon P. Chung, Tielei Wang, and Wenke Lee
    In Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS'14),
    Scottsdale, AZ, November 2014.
  12. Mimesis Aegis: A Mimicry Privacy Shield [Paper]
    Billy Lau, Pak Ho Chung, Chengyu Song, Yeongjin Jang, Wenke Lee, and Alexandra Boldyreva
    In Proceedings of the 23rd USENIX Security Symposium (Security'14),
    San Diego, CA, August 2014.
  13. Abusing Performance Optimization Weaknesses to Bypass ASLR [Slides]
    Byoungyoung Lee, Yeongjin Jang, Tielei Wang, Chengyu Song, Long Lu, Taesoo Kim, and Wenke Lee
    In BlackHat USA 2014,
    Las Vegas, NV, Auguest 2014.
  14. Diagnosis and Emergency Patch Generation for Integer Overflow Exploits [Paper]
    Tielei Wang, Chengyu Song, and Wenke Lee
    In Proceedings of the 11th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'14),
    Egham, London, UK, July 2014.
  15. Mactans: Injecting Malware Into iOS Devices via Malicious Chargers [Paper | Slides]
    Billy Lau, Yeongjin Jang, Chengyu Song, Tielei Wang, Pak Ho Chung, and Paul Royal
    In BlackHat USA 2013,
    Las Vegas, NV, Auguest 2013.
  16. Flowers for Automated Malware Analysis [Paper | Slides]
    Chengyu Song and Paul Royal
    In BloackHat USA 2012,
    Las Vegas, NV, July 2012.
  17. Impeding Automated Malware Analysis with Environment-sensitive Malware [Paper]
    Chengyu Song, Paul Royal, and Wenke Lee
    In Proceedings of the 7th USENIX conference on Hot topics in Security (HotSec'12),
    Bellevue, WA, USA, August 2012.
  18. Preventing Drive-by Download via Inter-Module Communication Monitoring [Paper]
    Chengyu Song, Jianwei Zhuge, Xinhui Han, and Zhiyuan Ye
    In Proceedings of the 15th ACM Symposium on Information, Computer and Communications Security (AsiaCCS'10),
    Beijing, China, April 2010.
  19. Studying Malicious Websites and the Undergrounding Economy on the Chinese Web [Paper]
    Jianwei Zhuge, Thorsen Holz, Chengyu Song, Jinpeng Guo, Xinhui Han, and Wei Zou
    In Proceedings of the 7th Workshop on the Economics of Information Security (WEIS'08),
    Hanover, NH, June, 2008.
  20. Collecting Autonomous Spreading Malware Using High-interaction Honeypot [Paper]
    Jianwei Zhuge, Thorsen Holz, Xinhui Han, Chengyu Song, and Wei Zou
    In Proceedings of the 9th International Conference on Information and Communications Security (ICICS'07),
    Zhengzhou, China, Dec 2007.

Professional Experience

Google Analytics Alternative